6 vulnerabilities found for store_locator_plus by de-baat
FKIE_CVE-2021-24290
Vulnerability from fkie_nvd - Published: 2021-05-17 17:15 - Updated: 2024-11-21 05:52
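Severity: 6.1 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD primary score; the CVSS v2 base score is 4.3)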
Summary
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| de-baat | store_locator_plus | * (up to and including 5.5.15) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:de-baat:store_locator_plus:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "42F91FD7-8E5C-48A4-89C8-3A621164DABB",
"versionEndIncluding": "5.5.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
},
{
"lang": "es",
"value": "Se presentan varios endpoints en el plugin Store Locator Plus para WordPress versiones hasta 5.5.15, que podr\u00edan permitir a atacantes no autenticados la habilidad de inyectar JavaScript malicioso en las p\u00e1ginas"
}
],
"id": "CVE-2021-24290",
"lastModified": "2024-11-21T05:52:46.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-17T17:15:08.163",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-24289
Vulnerability from fkie_nvd - Published: 2021-05-17 17:15 - Updated: 2024-11-21 05:52
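Severity: 8.8 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD primary score; the CVSS v2 base score is 6.5)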
Summary
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| de-baat | store_locator_plus | * (up to and including 5.5.14) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:de-baat:store_locator_plus:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E366AE30-57FF-4747-A799-32BF03B66C11",
"versionEndIncluding": "5.5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
},
{
"lang": "es",
"value": "Se presenta una funcionalidad en el plugin Store Locator Plus para WordPress versiones hasta 5.5.14, que hizo posible a unos usuarios autenticados actualizar sus metadatos de usuario para convertirse en administradores en cualquier sitio que use el plugin"
}
],
"id": "CVE-2021-24289",
"lastModified": "2024-11-21T05:52:46.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-17T17:15:08.120",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
}
]
}
CVE-2021-24290 (GCVE-0-2021-24290)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
Title
Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)
Summary
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
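Severity
No CVSS data available in this CNA (WPScan) record. The NVD entry for the same CVE on this page (FKIE_CVE-2021-24290) scores it 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.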
CWE
- CWE-79 - Cross-site Scripting (XSS)
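Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719 | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin | x_refsource_MISC |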
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Store Locator Plus® | Store Locator Plus for WordPress | Affected: 5.5.15 , ≤ 5.5.15 (custom) |
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Store Locator Plus for WordPress",
"vendor": "Store Locator Plus\u00ae",
"versions": [
{
"lessThanOrEqual": "5.5.15",
"status": "affected",
"version": "5.5.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Store Locator Plus \u003c= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24290",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus \u003c= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.5.15",
"version_value": "5.5.15"
}
]
}
}
]
},
"vendor_name": "Store Locator Plus\u00ae"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24290",
"datePublished": "2021-05-17T16:48:53",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24289 (GCVE-0-2021-24289)
Vulnerability from cvelistv5 – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
Title
Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
Summary
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
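Severity
No CVSS data available in this CNA (WPScan) record. The NVD entry for the same CVE on this page (FKIE_CVE-2021-24289) scores it 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.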
CWE
- CWE-269 - Improper Privilege Management
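Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62 | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/ | x_refsource_MISC |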
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Store Locator Plus | Store Locator Plus for WordPress | Affected: 5.5.14 , ≤ 5.5.14 (custom) |
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Store Locator Plus for WordPress",
"vendor": "Store Locator Plus",
"versions": [
{
"lessThanOrEqual": "5.5.14",
"status": "affected",
"version": "5.5.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:52",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24289",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.5.14",
"version_value": "5.5.14"
}
]
}
}
]
},
"vendor_name": "Store Locator Plus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24289",
"datePublished": "2021-05-17T16:48:52",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24290 (GCVE-0-2021-24290)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
Title
Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)
Summary
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
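Severity
No CVSS data available in this record, which carries only the CNA (WPScan) container. The FKIE_CVE-2021-24290 entry on this page gives the NVD score: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.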
CWE
- CWE-79 - Cross-site Scripting (XSS)
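Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719 | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin | x_refsource_MISC |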
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Store Locator Plus® | Store Locator Plus for WordPress | Affected: 5.5.15 , ≤ 5.5.15 (custom) |
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Store Locator Plus for WordPress",
"vendor": "Store Locator Plus\u00ae",
"versions": [
{
"lessThanOrEqual": "5.5.15",
"status": "affected",
"version": "5.5.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:53",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Store Locator Plus \u003c= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24290",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus \u003c= 5.5.15 - Unauthenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.5.15",
"version_value": "5.5.15"
}
]
}
}
]
},
"vendor_name": "Store Locator Plus\u00ae"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/dc368484-f2fe-4c76-ba3d-e00e7f633719"
},
{
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24290",
"datePublished": "2021-05-17T16:48:53",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24289 (GCVE-0-2021-24289)
Vulnerability from nvd – Published: 2021-05-17 16:48 – Updated: 2024-08-03 19:28
Title
Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
Summary
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
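Severity
No CVSS data available in this record, which carries only the CNA (WPScan) container. The FKIE_CVE-2021-24289 entry on this page gives the NVD score: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.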
CWE
- CWE-269 - Improper Privilege Management
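Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62 | x_refsource_CONFIRM |
| https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/ | x_refsource_MISC |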
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Store Locator Plus | Store Locator Plus for WordPress | Affected: 5.5.14 , ≤ 5.5.14 (custom) |
Credits
Chloe Chamberland
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:28:23.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Store Locator Plus for WordPress",
"vendor": "Store Locator Plus",
"versions": [
{
"lessThanOrEqual": "5.5.14",
"status": "affected",
"version": "5.5.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chloe Chamberland"
}
],
"descriptions": [
{
"lang": "en",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-17T16:48:52",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24289",
"STATE": "PUBLIC",
"TITLE": "Store Locator Plus \u003c= 5.5.14 - Authenticated Privilege Escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Store Locator Plus for WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.5.14",
"version_value": "5.5.14"
}
]
}
}
]
},
"vendor_name": "Store Locator Plus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chloe Chamberland"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/078e93cd-7cf2-4e23-8171-58d44e354d62"
},
{
"name": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/",
"refsource": "MISC",
"url": "https://www.wordfence.com/blog/2021/04/severe-unpatched-vulnerabilities-leads-to-closure-of-store-locator-plus-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24289",
"datePublished": "2021-05-17T16:48:52",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:28:23.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}