Vulnerabilities > Instawp > String Locator > 2.0.3

DATE CVE VULNERABILITY TITLE RISK
2025-01-21 CVE-2024-10936 Deserialization of Untrusted Data vulnerability in Instawp String Locator
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function.
network
low complexity
instawp CWE-502
8.8
8.8
2024-08-24 CVE-2023-6987 Cross-site Scripting vulnerability in Instawp String Locator
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping.
network
low complexity
instawp CWE-79
6.1
6.1
2022-09-06 CVE-2022-2434 Deserialization of Untrusted Data vulnerability in Instawp String Locator
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0.
network
low complexity
instawp CWE-502
8.8
8.8