CVE-2025-24680

Name of the Vulnerable Software and Affected Versions WP Multi Store Locator versions 2.4.7 and earlier

Description The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Reflected XSS attacks. This means that an attacker can inject malicious scripts into a webpage, potentially leading to unauthorized actions on the user's behalf.

Recommendations For versions 2.4.7 and earlier, update to a version later than 2.4.7 to resolve the issue. As a temporary workaround, consider disabling any functionality that allows user-inputted data to be reflected in the webpage until a patch is available. Restrict access to sensitive areas of the webpage to minimize the risk of exploitation.