CVE-2021-24290

CVE-2021-24290: Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)

Vendor Store Locator Plus®

Product Store Locator Plus for WordPress

Weakness CWE-79 · XSS

Published May 17, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.

Key dates

02Disclosure timeline

May 17, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24290 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-8274 WP Booking Calendar <= 10.5 - Reflected Cross-Site Scripting CVE-2024-56258 WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability CVE-2025-26555 WordPress Debug-Bar-Extender Plugin <= 0.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes CVE-2024-8712 GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting