Instawp String Locator — known CVE vulnerabilities
Every CVE whose affected-product data names Instawp String Locator, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-2434 — CVSS 8.8 (high): The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in…
CVE-2024-10936 — CVSS 8.8 (high): The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via…
CVE-2023-6987 — CVSS 6.1 (medium): The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up…