CVE-2021-24289: Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-24289

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation

Source: NVD (National Vulnerability Database)

Vulnerability Description

There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

特权管理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

WordPress plugin 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。 Store Locator Plus for WordPress plugin 5.5.14版本及之前版本存在安全漏洞，该漏洞源于Store Locator Plus中有一个功能，可以让通过身份验证的用户更新他们的用户元数据，从而成为任何使用插件的站点的管理员。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Store Locator Plus	Store Locator Plus for WordPress	5.5.14 ~ 5.5.14	-

II. Public POCs for CVE-2021-24289

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-24289

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: Store Locator Plus for WordPress

CVE-2021-24290
Store Locator Plus <= 5.5.15 - Unauthenticated Stored Cross-

Same vendor: Store Locator Plus

CVE-2024-43258
WordPress Store Locator Plus® for WordPress plugin <= 2311.1

Same weakness: CWE-269

V. Comments for CVE-2021-24289

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-24289

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-24289

III. Intelligence Information for CVE-2021-24289

IV. Related Vulnerabilities

V. Comments for CVE-2021-24289

Leave a comment