Super Store Finder
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52720 | Cri | 0.60 | 9.3 | 0.00 | Aug 14, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.5. | ||
| CVE-2025-39445 | Cri | 0.60 | 9.3 | 0.00 | May 19, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.2. | ||
| CVE-2024-43978 | Cri | 0.60 | 9.3 | 0.00 | Sep 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through < 6.9.8. | ||
| CVE-2024-43976 | Cri | 0.60 | 9.3 | 0.00 | Sep 17, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7. | ||
| CVE-2025-47571 | Hig | 0.49 | 7.5 | 0.00 | Sep 9, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through < 7.8. | ||
| CVE-2025-49413 | Hig | 0.46 | 7.1 | 0.00 | Aug 20, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6. | ||
| CVE-2024-43975 | Hig | 0.46 | 7.1 | 0.00 | Sep 18, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7. | ||
| CVE-2023-5054 | Med | 0.38 | 5.8 | 0.01 | Sep 19, 2023 | The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for… | ||
| CVE-2025-58939 | Med | 0.28 | 4.3 | 0.00 | Oct 29, 2025 | Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5. | ||
| CVE-2023-41508 | 0.01 | — | 0.01 | Sep 5, 2023 | A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. | |||
| CVE-2024-13440 | 0.00 | — | 0.00 | Feb 9, 2025 | The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.… | |||
| CVE-2023-43835 | 0.00 | — | 0.01 | Oct 2, 2023 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | |||
| CVE-2023-44044 | 0.00 | — | 0.01 | Sep 26, 2023 | Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | |||
| CVE-2023-41507 | 0.00 | — | 0.01 | Sep 5, 2023 | Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. | |||
| CVE-2023-3751 | 0.00 | — | 0.00 | Jul 19, 2023 | A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The… |
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.5.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through <= 7.2.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through < 6.9.8.
- risk 0.60cvss 9.3epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7.
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusion.This issue affects Super Store Finder: from n/a through < 7.8.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp allows Reflected XSS.This issue affects Super Store Finder: from n/a through <= 7.6.
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Store Finder superstorefinder-wp.This issue affects Super Store Finder: from n/a through <= 6.9.7.
- risk 0.38cvss 5.8epss 0.01
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in highwarden Super Store Finder superstorefinder-wp allows Cross Site Request Forgery.This issue affects Super Store Finder: from n/a through <= 7.5.
- CVE-2023-41508Sep 5, 2023risk 0.01cvss —epss 0.01
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
- CVE-2024-13440Feb 9, 2025risk 0.00cvss —epss 0.00
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…
- CVE-2023-43835Oct 2, 2023risk 0.00cvss —epss 0.01
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
- CVE-2023-44044Sep 26, 2023risk 0.00cvss —epss 0.01
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.
- CVE-2023-41507Sep 5, 2023risk 0.00cvss —epss 0.01
Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.
- CVE-2023-3751Jul 19, 2023risk 0.00cvss —epss 0.00
A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The…