← Back

Joomlaserviceprovider

joomlaserviceprovider

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Wsecure
wsecure
2 CVEs
Jsp Store Locator
jsp_store_locator
2 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12301
1Joomlaserviceprovider
1Jsp Store Locator
Jun 9, 2025
May 15, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
CVE-2024-11267
1Joomlaserviceprovider
1Jsp Store Locator
Jun 12, 2025
May 15, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
The JSP Store Locator WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing user with Contributor to perform SQL injection attacks.
CVE-2023-39987
1Joomlaserviceprovider
1Wsecure
Nov 21, 2024
Sep 4, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay Lulia wSecure Lite plugin <= 2.5 versions.
CVE-2016-10960
1Joomlaserviceprovider
1Wsecure
Nov 21, 2024
Sep 16, 2019
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter.