Description

WordPress Plugin Store Locator Plus for WordPress is prone to multiple vulnerabilities including an information disclosure vulnerability and a SQL injection vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin Store Locator Plus for WordPress versions from 2.7.1 to 3.0.1 are vulnerable; prior versions may also be affected.

Remediation

Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess) and edit the source code to ensure that input is properly sanitised

References

Related Vulnerabilities