Plateforme
wordpress
Composant
superstorefinder-wp
Corrigé dans
7.2.1
CVE-2025-39445 identifies a SQL Injection vulnerability within the Super Store Finder WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 up to and including 7.2, and a patch is available in version 7.2.1.
The SQL Injection vulnerability in Super Store Finder poses a significant risk to WordPress sites utilizing the plugin. An attacker could leverage this flaw to bypass authentication mechanisms, directly query the database, and extract sensitive information such as user credentials, customer data, order details, and potentially even database schema information. Successful exploitation could lead to complete compromise of the WordPress site and associated data. The impact is particularly severe if the database contains personally identifiable information (PII) or financial data, potentially leading to regulatory fines and reputational damage. While no specific exploitation patterns have been publicly linked to this CVE yet, SQL Injection vulnerabilities are frequently targeted, making this a high-priority concern.
CVE-2025-39445 was publicly disclosed on 2025-05-19. Its severity is classified as CRITICAL with a CVSS score of 9.3. As of this writing, there are no publicly available proof-of-concept exploits, and it is not listed on the CISA KEV catalog. However, given the nature of SQL Injection vulnerabilities, it is highly probable that attackers will actively seek to exploit this flaw, especially if it remains unpatched.
WordPress websites utilizing the Super Store Finder plugin, particularly those with e-commerce functionality or handling sensitive user data, are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider may also be vulnerable if they have not yet applied the update.
• wordpress / composer / npm:
grep -r "superstorefinder-wp" /var/www/html/
wp plugin list | grep superstorefinder-wp• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/superstorefinder-wp/ | grep SQLdisclosure
Statut de l'Exploit
EPSS
0.23% (percentile 46%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-39445 is to immediately upgrade the Super Store Finder plugin to version 7.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These may include restricting database user permissions to limit the impact of a successful injection, or implementing input validation and sanitization techniques within the plugin's code (if possible). Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of defense. After upgrading, verify the fix by attempting a SQL Injection payload through the plugin's vulnerable endpoints and confirming that it is properly sanitized.
Actualice el plugin Super Store Finder a la última versión disponible para mitigar la vulnerabilidad de inyección SQL. Verifique las actualizaciones disponibles en el repositorio de plugins de WordPress o en el sitio web del desarrollador. Implemente medidas de seguridad adicionales, como la validación y el saneamiento de las entradas del usuario, para prevenir futuras vulnerabilidades.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-39445 is a critical SQL Injection vulnerability affecting the Super Store Finder WordPress plugin, allowing attackers to potentially extract data from the database.
If you are using Super Store Finder versions 0.0.0 through 7.2, you are affected by this vulnerability. Upgrade to 7.2.1 or later to mitigate the risk.
The recommended fix is to upgrade the Super Store Finder plugin to version 7.2.1 or a later version. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation has been publicly confirmed, the vulnerability is considered high-risk due to the nature of SQL Injection and the potential for rapid exploitation.
Refer to the Super Store Finder plugin's official website or WordPress plugin repository for the latest advisory and update information.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.