A vulnerability described as problematic has been identified in Store Locator WordPress Plugin up to 1.6.5 on WordPress. This affects an unknown part of the component Setting Handler . Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2026-9060 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.