Cross-Site Scripting Vulnerability in WP Multi Store Locator by WordPress
CVE-2025-24680

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: WP Multi Store Locator
Vendor: CVE Published:; 27 January 2025

What is CVE-2025-24680?

A reflected cross-site scripting (XSS) vulnerability exists in the WP Multi Store Locator plugin, allowing attackers to exploit improper neutralization of HTML tags in web pages. This vulnerability impacts versions of the plugin before 2.4.7, potentially enabling malicious scripts to be reflected from the server to the user’s browser, compromising user interactions and data integrity.

Affected Version(s)

WP Multi Store Locator <= 2.4.7

References

https://patchstack.com/database/wordpress/plugin/wp-multi...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 27, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Abdi Pranata (Patchstack Alliance)