Superstorefinder

Super Store Finder

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2

CVE-2024-13440

  • EPSS 0.48%
  • Veröffentlicht 09.02.2025 05:15:22
  • Zuletzt bearbeitet 13.02.2025 17:17:19

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.1

CVE-2024-43975

  • EPSS 0.25%
  • Veröffentlicht 18.09.2024 00:15:07
  • Zuletzt bearbeitet 25.09.2024 14:13:32

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

9.8

CVE-2024-43976

  • EPSS 0.52%
  • Veröffentlicht 17.09.2024 23:15:18
  • Zuletzt bearbeitet 24.09.2024 16:32:37

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.

9.8

CVE-2024-43978

  • EPSS 0.68%
  • Veröffentlicht 17.09.2024 23:15:18
  • Zuletzt bearbeitet 24.09.2024 16:44:01

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.

8.8

CVE-2023-43835

Exploit
  • EPSS 3.5%
  • Veröffentlicht 02.10.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:24:51

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

7.2

CVE-2023-44044

Exploit
  • EPSS 0.27%
  • Veröffentlicht 27.09.2023 15:19:35
  • Zuletzt bearbeitet 21.11.2024 08:25:10

Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.

5.3

CVE-2023-5054

  • EPSS 0.18%
  • Veröffentlicht 19.09.2023 07:15:51
  • Zuletzt bearbeitet 21.11.2024 08:40:59

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This...

9.8

CVE-2023-41507

Exploit
  • EPSS 0.51%
  • Veröffentlicht 05.09.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:21:15

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

9.8

CVE-2023-41508

Exploit
  • EPSS 7.17%
  • Veröffentlicht 05.09.2023 21:15:47
  • Zuletzt bearbeitet 21.11.2024 08:21:15

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

9.8

CVE-2023-3751

  • EPSS 0.04%
  • Veröffentlicht 19.07.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:17:58

A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument product...