Vulnerabilities and security researches foragile-store-locator agile-store-locator

Jun 06, 2024

CVE, Research URL: CVE-2023-27618
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Jun 22, 2023
Research Description: Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-50885
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Apr 18, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-41615
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Nov 19, 2022
Research Description: Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-4832
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Jan 23, 2023
Research Description: The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-4151
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Sep 04, 2023
Research Description: The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: Min -, max -.
Status: vulnerable

Jun 14, 2025

CVE, Research URL: CVE-2025-49329
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Jun 06, 2025
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-49328
Home page URL: Security reports for Store Locator WordPress
Application: Store Locator WordPress
Date: Jun 06, 2025
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
Affected versions: Min -, max -.
Status: vulnerable