Approved changes feed: RSS · Atom

cpe:2.3:a:agilelogix:store_locator:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorAgilelogix (3e4d7750-9be6-59dc-98ce-952db2851bb0)
ProductStore Locator (c1b7277b-4224-5c46-8af9-859ae992c3d5)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-4151 vulnerable 2026-06-08 06:16:11.639965 Store Locator WordPress < 1.4.13 - Reflected XSS
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: 2023-09-04T11:26:58.445Z
Updated: 2025-03-06T16:05:18.419Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-27618 vulnerable 2026-06-08 05:57:42.131972 WordPress Store Locator WordPress Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS)
MEDIUM (5.9)
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
Published: 2023-06-22T08:33:56.990Z
Updated: 2026-04-28T16:08:14.584Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4832 vulnerable 2026-06-08 05:52:00.447954 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Published: 2023-01-23T14:31:22.236Z
Updated: 2025-04-02T15:54:35.578Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-41615 vulnerable 2026-06-08 05:48:30.615143 WordPress Store Locator plugin <= 1.4.5 - Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
MEDIUM (6.1)
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Published: 2022-11-18T22:28:21.970Z
Updated: 2026-04-28T16:07:49.099Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.