Platform: wordpress
Component: superstorefinder-wp
Fixed in: 7.5.1
CVE-2025-52720 is a SQL Injection vulnerability in the Super Store Finder WordPress plugin (component superstorefinder-wp). User-controlled input reaches a database query without proper parameterisation, so an attacker can alter the SQL the plugin executes. All versions up to and including 7.5 are affected; the fix shipped in version 7.5.1.
The impact is bounded by what the WordPress database user can reach, which on a typical installation is the entire WordPress schema. An attacker who controls the query can read or modify tables the plugin never intended to expose, including store and customer data held by the plugin and the wp_users table (user logins and password hashes), and can enumerate the schema itself. Depending on where the injection sits, write access to user or option rows can be a step towards full site compromise. Data exfiltration and tampering are both realistic outcomes, which is why the issue is rated high severity.
CVE-2025-52720 was publicly disclosed on 2025-08-14. No public proof-of-concept exploit is known at the time of writing and the EPSS score is correspondingly low, but SQL Injection flaws in WordPress plugins are routinely weaponised once the vulnerable code is identified, so treat the absence of a public exploit as temporary. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC: not listed
CVSS Vector: not listed
The primary mitigation for CVE-2025-52720 is to upgrade the Super Store Finder plugin to version 7.5.1 or later without delay. If upgrading is not immediately feasible because of compatibility concerns, treat a Web Application Firewall (WAF) rule against SQL Injection payloads on the plugin's endpoints as a temporary stopgap only: generic SQLi signatures are bypassable and do not fix the underlying query. Separately, review the privileges of the MySQL account WordPress uses. That account is shared by every plugin, so it should hold only the DML and DDL rights it needs on the WordPress schema and nothing global such as FILE or SUPER; this limits what any successful injection can reach. After upgrading, confirm the installed version (Plugins page in wp-admin, or `wp plugin get superstorefinder-wp --field=version` with WP-CLI, assuming the plugin directory matches the component name above) and, if you maintain an authorised test environment and know the affected endpoint, re-run your own injection test against it. Do not test injection against production systems you are not authorised to attack.
Update the Super Store Finder plugin to the latest available version to close the SQL Injection vulnerability. Check for the update in the WordPress admin panel or through the plugin's official distribution channel. Going forward, require that every database query built from request input uses $wpdb->prepare() with typed placeholders and that input is validated before it is used, so that the same class of bug does not return in a later release.
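The pattern behind this class of WordPress bug is shown below as an added illustration; it is not Super Store Finder's own code, which this page does not reproduce. A store lookup is written first in the injectable form (request input interpolated straight into the SQL string) and then in the parameterised form that WordPress core provides through $wpdb->prepare(). The table name ssf_stores, the columns, the request keys store_id and q, and the function names are all hypothetical.

```php
<?php
// Added example, not plugin code. Table, columns and request keys are hypothetical.

// VULNERABLE: request input is concatenated into the SQL text.
function ssf_demo_lookup_vulnerable( array $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'ssf_stores';   // hypothetical table
    $id    = $request['store_id'];          // attacker-controlled, unvalidated

    // A value such as
    //   0 UNION SELECT user_login, user_pass, 3 FROM wp_users -- -
    // becomes part of the statement and is executed as SQL, returning
    // password hashes in place of store rows.
    return $wpdb->get_results( "SELECT id, name, address FROM {$table} WHERE id = {$id}" );
}

// HARDENED: validate the type first, then bind the value with a %d placeholder.
function ssf_demo_lookup_hardened( array $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'ssf_stores';
    $id    = isset( $request['store_id'] ) ? absint( $request['store_id'] ) : 0;

    if ( 0 === $id ) {
        return new WP_Error( 'ssf_bad_id', 'store_id must be a positive integer' );
    }

    // %d forces an integer; the identifier comes from $wpdb->prefix, never from input.
    $sql = $wpdb->prepare( "SELECT id, name, address FROM {$table} WHERE id = %d", $id );
    return $wpdb->get_results( $sql );
}

// Free-text search: %s escapes the value, and LIKE wildcards in the user's
// term must be escaped separately with $wpdb->esc_like() or "%" and "_" in
// the input would be interpreted as patterns.
function ssf_demo_search_hardened( array $request ) {
    global $wpdb;
    $table = $wpdb->prefix . 'ssf_stores';
    $term  = sanitize_text_field( wp_unslash( $request['q'] ?? '' ) );

    if ( '' === $term ) {
        return array();
    }

    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE name LIKE %s LIMIT %d",
        $like,
        50
    );
    return $wpdb->get_results( $sql );
}
```

$wpdb->prepare() only protects values. Table and column names, ORDER BY targets and similar identifiers cannot be bound as placeholders and must be checked against a fixed allow-list before being spliced into the query; that is the case a parameterised rewrite most often still gets wrong.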
CVE-2025-52720 is a high-severity SQL Injection vulnerability in the Super Store Finder WordPress plugin that lets an attacker alter the plugin's database queries and read or modify data the WordPress database user can reach.
If you run Super Store Finder at any version up to and including 7.5, you are affected. Upgrade to version 7.5.1 or later.
The recommended fix is to upgrade the Super Store Finder plugin to version 7.5.1 or later. If immediate upgrade is not possible, implement WAF rules and restrict database user permissions.
While no public exploits are currently known, the SQL Injection nature of the vulnerability suggests potential for exploitation. Monitor security advisories for updates.
Refer to the Super Store Finder plugin's official website or WordPress plugin repository for the latest advisory and update information.