goldplugins locations CVE Vulnerabilities (2)

CVEs: 2 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting goldplugins locations (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2023-41797	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.	[email protected]	6.5	0.33%	2023-10-02	2024-11-21
CVE-2021-4394	The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	[email protected]	4.3	0.39%	2023-07-01	2026-04-08

cvelogic Threat Intelligence