CVE-2026-3361

Name of the Vulnerable Software and Affected Versions WP Store Locator versions prior to 2.2.262

Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform Stored Cross-Site Scripting. This is achieved via the wpsl address post meta value, enabling the injection of arbitrary web scripts that execute when a user accesses an affected page and opens an injected map marker info window.

Recommendations Update to a version newer than 2.2.261.