Search

Find a vulnerability

Search criteria

    4 vulnerabilities by Store Locator Plus

    CVE-2024-43258 (GCVE-0-2024-43258)

    Vulnerability from nvd – Published: 2024-08-26 20:14 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Store Locator Plus Store Locator Plus Affected: n/a , ≤ 2311.17.01 (custom)
    Create a notification for this product.
    Credits
    Peng Zhou (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T18:12:23.425929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T18:12:34.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "store-locator-le",
              "product": "Store Locator Plus",
              "vendor": "Store Locator Plus",
              "versions": [
                {
                  "lessThanOrEqual": "2311.17.01",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peng Zhou (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.\u003cp\u003eThis issue affects Store Locator Plus: from n/a through 2311.17.01.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:11.031Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/store-locator-le/wordpress-store-locator-plus-for-wordpress-plugin-2311-17-01-sensitive-data-exposure-vulnerability?_s_id=cve"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Store Locator Plus\u00ae for WordPress plugin \u003c= 2311.17.01 - Sensitive Data Exposure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-43258",
        "datePublished": "2024-08-26T20:14:33.950Z",
        "dateReserved": "2024-08-09T09:20:48.470Z",
        "dateUpdated": "2026-04-28T16:10:11.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24289 (GCVE-0-2021-24289)

    Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
    Summary
    There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Store Locator Plus Store Locator Plus for WordPress Affected: 5.5.14 , ≤ 5.5.14 (custom)
    Create a notification for this product.
    Credits
    Chloe Chamberland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Store Locator Plus for WordPress",
              "vendor": "Store Locator Plus",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.14",
                  "status": "affected",
                  "version": "5.5.14",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chloe Chamberland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T16:48:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24289",
              "STATE": "PUBLIC",
              "TITLE": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Store Locator Plus for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "5.5.14",
                                "version_value": "5.5.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Store Locator Plus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chloe Chamberland"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
                },
                {
                  "name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/",
                  "refsource": "MISC",
                  "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24289",
        "datePublished": "2021-05-17T16:48:52.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-43258 (GCVE-0-2024-43258)

    Vulnerability from cvelistv5 – Published: 2024-08-26 20:14 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Store Locator Plus® for WordPress plugin <= 2311.17.01 - Sensitive Data Exposure vulnerability
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Store Locator Plus Store Locator Plus Affected: n/a , ≤ 2311.17.01 (custom)
    Create a notification for this product.
    Credits
    Peng Zhou (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43258",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-27T18:12:23.425929Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T18:12:34.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "store-locator-le",
              "product": "Store Locator Plus",
              "vendor": "Store Locator Plus",
              "versions": [
                {
                  "lessThanOrEqual": "2311.17.01",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peng Zhou (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.\u003cp\u003eThis issue affects Store Locator Plus: from n/a through 2311.17.01.\u003c/p\u003e"
                }
              ],
              "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:11.031Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/store-locator-le/wordpress-store-locator-plus-for-wordpress-plugin-2311-17-01-sensitive-data-exposure-vulnerability?_s_id=cve"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Store Locator Plus\u00ae for WordPress plugin \u003c= 2311.17.01 - Sensitive Data Exposure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-43258",
        "datePublished": "2024-08-26T20:14:33.950Z",
        "dateReserved": "2024-08-09T09:20:48.470Z",
        "dateUpdated": "2026-04-28T16:10:11.031Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-24289 (GCVE-0-2021-24289)

    Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
    VLAI
    Title
    Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
    Summary
    There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    Store Locator Plus Store Locator Plus for WordPress Affected: 5.5.14 , ≤ 5.5.14 (custom)
    Create a notification for this product.
    Credits
    Chloe Chamberland
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:28:23.205Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Store Locator Plus for WordPress",
              "vendor": "Store Locator Plus",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.14",
                  "status": "affected",
                  "version": "5.5.14",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Chloe Chamberland"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-05-17T16:48:52.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24289",
              "STATE": "PUBLIC",
              "TITLE": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Store Locator Plus for WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "5.5.14",
                                "version_value": "5.5.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Store Locator Plus"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Chloe Chamberland"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62",
                  "refsource": "CONFIRM",
                  "url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
                },
                {
                  "name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/",
                  "refsource": "MISC",
                  "url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24289",
        "datePublished": "2021-05-17T16:48:52.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:28:23.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }