Super Store Finder Security Vulnerabilities and Issues — Super Store Finder CVE List

Lucene search

SuperstorefinderSuper Store Finder

10 matches found

CVE•added 2025/02/09 5:15 a.m.•64 views

CVE-2024-13440

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible ...

8.2CVSS7.6AI score0.00083EPSS

CVE•added 2023/10/02 8:15 p.m.•45 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.

8.8CVSS8.9AI score0.03503EPSS

CVE•added 2024/09/17 11:15 p.m.•42 views

CVE-2024-43978

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.

9.8CVSS9.9AI score0.00571EPSS

CVE•added 2023/09/19 7:15 a.m.•37 views

CVE-2023-5054

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers ...

5.8CVSS5.5AI score0.00188EPSS

CVE•added 2024/09/17 11:15 p.m.•37 views

CVE-2024-43976

9.8CVSS9.9AI score0.00355EPSS

CVE•added 2024/09/18 12:15 a.m.•30 views

CVE-2024-43975

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.

7.1CVSS6.4AI score0.00077EPSS

CVE•added 2023/07/19 12:15 a.m.•27 views

CVE-2023-3751

A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The attack can be launc...

9.8CVSS8.3AI score0.00037EPSS

CVE•added 2023/09/05 10:15 p.m.•27 views

CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

9.8CVSS9.9AI score0.00509EPSS

CVE•added 2023/09/05 9:15 p.m.•24 views

CVE-2023-41508

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

9.8CVSS9.3AI score0.07165EPSS

CVE•added 2023/09/27 3:19 p.m.•22 views

CVE-2023-44044

Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.

7.2CVSS7.2AI score0.00272EPSS