Known Vulnerabilities for products from Plainware

Listed below are 6 of the newest known vulnerabilities associated with the vendor "Plainware".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2025-62140 json		Not Provided	2025-12-31	2026-04-01
CVE-2025-32623 json		Not Provided	2025-04-09	2026-04-01
CVE-2025-24557 json		Not Provided	2025-02-03	2026-04-01
CVE-2024-56291 json		Not Provided	2025-01-07	2026-04-01
CVE-2024-56283 json		Not Provided	2025-01-07	2026-04-01
CVE-2024-44040 json		Not Provided	2024-10-06	2026-04-01
CVE-2023-29425 json	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	8.8 - HIGH	2023-11-12	2023-11-16
CVE-2023-29424 json	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin ...	4.8 - MEDIUM	2023-06-26	2023-06-30
CVE-2023-25709 json	Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.	8.8 - HIGH	2023-03-15	2023-11-07
CVE-2023-4476 json	The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outp...	6.1 - MEDIUM	2023-09-25	2023-11-07
CVE-2023-2031 json	The Locatoraid Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) ...	Not Provided	2023-06-09	2026-04-08
CVE-2023-1978 json	The ShiftController Employee Shift Scheduling plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the qu...	Not Provided	2023-06-09	2026-04-08