Description
WordPress Plugin Store Locator Plus for WordPress is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Store Locator Plus for WordPress version 5.5.14 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.7 or latest
References
Related Vulnerabilities
ownCloud Other Vulnerability (CVE-2015-6670)
WordPress Plugin Font-official webfonts plugin of Fonts For Web Directory Traversal (7.5)
Oracle JRE CVE-2014-0464 Vulnerability (CVE-2014-0464)
WordPress Plugin WordPress OpenID Connect Client Cross-Site Scripting (2.1.4)
WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)