Vulnerabilities and security research for agile-store-locator
Jun 11, 2026
Store Locator WordPress # CVE-2026-9060
- Date
- Jun 10, 2026
- Research Description
- The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on its admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (e.g. in a multisite network where the super admin visits the page).
- Affected versions
- max 1.6.6.
- Status
- vulnerable
Dec 11, 2025
Store Locator WordPress # CVE-2025-67516
- Date
- Dec 09, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress (agile-store-locator) allows Blind SQL Injection. This issue affects Store Locator WordPress: from n/a through <= 1.6.2.
- Affected versions
- max 1.6.2.
- Status
- vulnerable
Jun 14, 2025
Store Locator WordPress # CVE-2025-49329
- Date
- Jun 06, 2025
- Research Description
- Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2.
- Affected versions
- max 1.5.3.
- Status
- vulnerable
Store Locator WordPress # CVE-2025-49328
- Date
- Jun 06, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress allows SQL Injection. This issue affects Store Locator WordPress: from n/a through 1.5.1.
- Affected versions
- max 1.5.2.
- Status
- vulnerable
Jun 06, 2024
Store Locator WordPress # CVE-2023-27618
- Date
- Jun 22, 2023
- Research Description
- Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.
- Affected versions
- max 1.4.10.
- Status
- vulnerable
Store Locator WordPress # CVE-2023-50885
- Date
- Apr 18, 2024
- Research Description
- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress. This issue affects Store Locator WordPress: from n/a through 1.4.14.
- Affected versions
- max 1.4.15.
- Status
- vulnerable
Store Locator WordPress # CVE-2022-41615
- Date
- Nov 19, 2022
- Research Description
- Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Store Locator plugin <= 1.4.5 on WordPress.
- Affected versions
- max 1.4.6.
- Status
- vulnerable
Store Locator WordPress # CVE-2022-4832
- Date
- Jan 23, 2023
- Research Description
- The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
- Affected versions
- max 1.4.9.
- Status
- vulnerable
Store Locator WordPress # CVE-2023-4151
- Date
- Sep 04, 2023
- Research Description
- The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- Affected versions
- max 1.4.13.
- Status
- vulnerable