Vendor: Store Locator Plus
By: Sammy FORGIT
CVSS: 7.5 (HIGH)
Information Disclosure, Send Email, Blind SQL Injection
CWE: 200, 532
Product Name: Store Locator Plus
Affected Version From: 2.7.2001
Affected Version To: 3.0.1
Patch Exists: NO
Related CWE:
CPE: a:wordpress:store_locator_le:3.0.1
Platforms Tested:
2012
WordPress Plugins – Google Maps via Store Locator Plus Multiple Vulnerability
These vulnerabilities allow an attacker to disclose sensitive information, send arbitrary emails, and perform blind SQL injection attacks. The attacker can access the website's configuration file, send emails with arbitrary content, and execute arbitrary SQL queries.
Mitigation:
Update to a version higher than 3.0.1 or remove the plugin.