CVE-2023-4151 Information

Sep 05, 2023 cve

Description

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Reference

https://wpscan.com/vulnerability/c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b

Share on: