Every CVE whose affected-product data names Plainware Locatoraid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-4476 — CVSS 6.1 (medium): The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back…
CVE-2023-2031 — CVSS 5.4 (medium): The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up…
CVE-2023-25709 — CVSS 5.4 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.