cbcvebase.

Wpexperts.Io Wp Multistore Locator vulnerabilities

4 known vulnerabilities affecting wpexperts.io/wp_multistore_locator.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-28898P2CRITICALCVSS 9.3≤ 2.5.22025-03-26
CVE-2025-28898 [CRITICAL] CWE-89 CVE-2025-28898: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.2.
nvd
CVE-2025-26974P3CRITICALCVSS 9.3≤ 2.5.12025-02-25
CVE-2025-26974 [CRITICAL] CWE-89 CVE-2025-26974: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Blind SQL Injection.This issue affects WP Multistore Locator: from n/a through <= 2.5.1.
nvd
CVE-2025-24680P4MEDIUMCVSS 6.1≤ 2.4.72025-01-27
CVE-2025-24680 [MEDIUM] CWE-80 CVE-2025-24680: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExp Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Reflected XSS.This issue affects WP Multistore Locator: from n/a through <= 2.4.7.
nvd
CVE-2025-31888P4MEDIUMCVSS 4.3≤ 2.5.22025-04-01
CVE-2025-31888 [MEDIUM] CWE-352 CVE-2025-31888: Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store Cross-Site Request Forgery (CSRF) vulnerability in WPExperts.io WP Multistore Locator wp-multi-store-locator allows Cross Site Request Forgery.This issue affects WP Multistore Locator: from n/a through <= 2.5.2.
nvd
Wpexperts.Io Wp Multistore Locator vulnerabilities | cvebase