The JSP Store Locator WordPress plugin through 1.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/5d93db07-415f-475b-a76d-2e12f849a4dc/ | Exploit Third Party Advisory |
| https://wpscan.com/vulnerability/5d93db07-415f-475b-a76d-2e12f849a4dc/ | Exploit Third Party Advisory |
Configurations
History
09 Jun 2025, 18:42
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:joomlaserviceprovider:jsp_store_locator:*:*:*:*:*:wordpress:*:* | |
| CWE | CWE-352 | |
| References | () https://wpscan.com/vulnerability/5d93db07-415f-475b-a76d-2e12f849a4dc/ - Exploit, Third Party Advisory | |
| First Time |
Joomlaserviceprovider jsp Store Locator
Joomlaserviceprovider |
20 May 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
| References | () https://wpscan.com/vulnerability/5d93db07-415f-475b-a76d-2e12f849a4dc/ - |
16 May 2025, 14:43
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
15 May 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-15 20:15
Updated : 2025-06-09 18:42
NVD link : CVE-2024-12301
Mitre link : CVE-2024-12301
CVE.ORG link : CVE-2024-12301
JSON object : View
Products Affected
joomlaserviceprovider
- jsp_store_locator
CWE
CWE-352
Cross-Site Request Forgery (CSRF)