CVE-2025-24676

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 3, 2025

CWE ID 79

Summary

CVE-2025-24676 is a Cross-site Scripting (XSS) vulnerability affecting the Custom WP Store Locator plugin from versions n/a through 1.4.7. The flaw lies in the plugin's failure to properly neutralize user inputs during web page generation. An attacker can exploit this to inject malicious scripts into the webpage, potentially stealing user data or taking control of their sessions. This poses a significant risk, especially in public-facing websites, and requires immediate attention and patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2umYyS
https://www.cve.org/CVERecord?id=CVE-2025-24676
https://nvd.nist.gov/vuln/detail/CVE-2025-24676

Back to Vulnerability Database

CVE-2025-24676

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations