Vulnerabilities > CVE-2021-24290 - Unspecified vulnerability in De-Baat Store Locator Plus
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin
- https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin