Cross-site Scripting Vulnerability in Locatoraid Store Locator by Plainware

CVE-2024-30181

Summary

The Locatoraid Store Locator plugin developed by Plainware is susceptible to a Cross-site Scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious scripts that can be executed when a victim accesses the compromised web page. The vulnerability affects versions of Locatoraid Store Locator before 3.9.30, potentially leading to the storage of malicious payloads and exploitation in environments where user-generated content is displayed. It is crucial for users to upgrade to the latest version to safeguard against potential attacks.

References