Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
There is functionality in the plugin that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
**Partially unpatched because they added CSRF protection that technically blocks low-level users from using the endpoint, however, no capability check was added.
Proof of Concept
The PoC will be displayed once the issue has been remediated