Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

N/A

N/A

WordPress plugin Locatoraid Store Locator 跨站脚本漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Locatoraid Store Locator 3.9.24 版本之前存在跨站脚本漏洞，该漏洞源于在将 lpr-search 参数回显至页面之前，不会对其进行清理和转义，从而导致反射型跨站脚本。

N/A

N/A