Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 17 Jun 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 |
Mon, 15 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Sat, 13 Jun 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Store Locator Wordpress
Store Locator Wordpress store Locator Wordpress Wordpress Wordpress wordpress |
|
| Vendors & Products |
Store Locator Wordpress
Store Locator Wordpress store Locator Wordpress Wordpress Wordpress wordpress |
Sat, 13 Jun 2026 09:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 CWE-22 |
Sat, 13 Jun 2026 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys. | |
| Title | Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal | |
| References |
|
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2026-06-15T14:48:05.704Z
Reserved: 2026-05-20T07:40:03.537Z
Link: CVE-2026-9062
Updated: 2026-06-15T14:47:39.301Z
Status : Deferred
Published: 2026-06-13T07:16:14.757
Modified: 2026-06-15T20:50:47.973
Link: CVE-2026-9062
No data.
OpenCVE Enrichment
Updated: 2026-06-17T19:30:11Z