Vulnerabilities > Superstorefinder

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-43975 Cross-site Scripting vulnerability in Superstorefinder Super Store Finder
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in highwarden Super Store Finder allows Cross-Site Scripting (XSS).This issue affects Super Store Finder: from n/a through 6.9.7.
network
low complexity
superstorefinder CWE-79
6.1
2024-09-17 CVE-2024-43976 SQL Injection vulnerability in Superstorefinder Super Store Finder
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7.
network
low complexity
superstorefinder CWE-89
critical
9.8
2024-09-17 CVE-2024-43978 SQL Injection vulnerability in Superstorefinder Super Store Finder
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a before 6.9.8.
network
low complexity
superstorefinder CWE-89
critical
9.8
2023-10-02 CVE-2023-43835 Injection vulnerability in Superstorefinder Super Store Finder
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
network
low complexity
superstorefinder CWE-74
8.8
2023-09-27 CVE-2023-44044 SQL Injection vulnerability in Superstorefinder Super Store Finder
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.
network
low complexity
superstorefinder CWE-89
7.2
2023-09-19 CVE-2023-5054 Unspecified vulnerability in Superstorefinder Super Store Finder
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3.
network
low complexity
superstorefinder
5.3
2023-09-14 CVE-2023-38912 SQL Injection vulnerability in Superstorefinder PHP Script 3.6
SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.
network
low complexity
superstorefinder CWE-89
critical
9.8
2023-09-05 CVE-2023-41507 SQL Injection vulnerability in Superstorefinder Super Store Finder 3.6
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
network
low complexity
superstorefinder CWE-89
critical
9.8
2023-09-05 CVE-2023-41508 Use of Hard-coded Credentials vulnerability in Superstorefinder Super Store Finder 3.6
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
network
low complexity
superstorefinder CWE-798
critical
9.8
2023-07-19 CVE-2023-3751 Unspecified vulnerability in Superstorefinder Super Store Finder 3.6
A vulnerability was found in Super Store Finder 3.6.
network
low complexity
superstorefinder
critical
9.8