Summary
This host is running WordPress Google Maps Via Store Locator Plus Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Impact Level: System/Application
Solution
Upgrade to Google Maps Via Store Locator Plus Plugin version 3.0.5 or later. For updates, refer to http://wordpress.org/extend/plugins/store-locator-le
Insight
- An error exists due to the application displaying the installation path in debug output when accessing wp-content/plugins/store-locator-le/core/load_wp_config.php.
- Input passed via the 'query' parameter to /wp-content/plugins/store-locator-le/downloadcsv.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WordPress Google Maps Via Store Locator Plus Plugin version 3.0.1
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P