CRITICAL · CVE-2025-39445 · CVSS 9.3

WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability


Platform

wordpress

Component

superstorefinder-wp

Fixed version

7.2.1

AI Confidence: high · NVD · EPSS 0.2% · Reviewed: May 2026

CVE-2025-39445 identifies a SQL Injection vulnerability within the Super Store Finder WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 up to and including 7.2, and a patch is available in version 7.2.1.

WordPress


Impact and attack scenarios

The SQL Injection vulnerability in Super Store Finder poses a significant risk to WordPress sites utilizing the plugin. An attacker could leverage this flaw to bypass authentication mechanisms, directly query the database, and extract sensitive information such as user credentials, customer data, order details, and potentially even database schema information. Successful exploitation could lead to complete compromise of the WordPress site and associated data. The impact is particularly severe if the database contains personally identifiable information (PII) or financial data, potentially leading to regulatory fines and reputational damage. While no specific exploitation patterns have been publicly linked to this CVE yet, SQL Injection vulnerabilities are frequently targeted, making this a high-priority concern.

Exploitation status

CVE-2025-39445 was publicly disclosed on 2025-05-19. Its severity is classified as CRITICAL with a CVSS score of 9.3. As of this writing, there are no publicly available proof-of-concept exploits, and it is not listed on the CISA KEV catalog. However, given the nature of SQL Injection vulnerabilities, it is highly probable that attackers will actively seek to exploit this flaw, especially if it remains unpatched.

Who is at risk

WordPress websites utilizing the Super Store Finder plugin, particularly those with e-commerce functionality or handling sensitive user data, are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider may also be vulnerable if they have not yet applied the update.

Detection steps

• wordpress / composer / npm:

    grep -r "superstorefinder-wp" /var/www/html/
    wp plugin list | grep superstorefinder-wp

• generic web (the status line tells you whether the plugin directory is served at all; response headers never carry SQL, so grepping them for "SQL" proves nothing):

    curl -sI https://your-wordpress-site.com/wp-content/plugins/superstorefinder-wp/ | head -n 1
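As an added example (not the advisory's own detection procedure), the POSIX shell script below classifies an installed copy of superstorefinder-wp as affected or patched by comparing the version declared in its plugin header with the fixed release 7.2.1; the embedded header is a constructed sample, and the path of the plugin's main PHP file is an assumption you must confirm on the install.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an installed
# superstorefinder-wp copy falls in the affected range (<= 7.2) by comparing
# its declared plugin version with the fixed release 7.2.1.

SSF_FIXED_VERSION="7.2.1"

# Compare two dotted numeric versions field by field; prints -1, 0 or 1.
ssf_vercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    [ "$a" = "$ai" ] && a= || a=${a#*.}
    [ "$b" = "$bi" ] && b= || b=${b#*.}
    ai=${ai:-0}; bi=${bi:-0}
    [ "$ai" -lt "$bi" ] && { printf '%s\n' -1; return 0; }
    [ "$ai" -gt "$bi" ] && { printf '%s\n' 1; return 0; }
  done
  printf '%s\n' 0
}

# True (exit 0) when the given version is below 7.2.1, i.e. still affected.
ssf_version_affected() {
  [ "$(ssf_vercmp "$1" "$SSF_FIXED_VERSION")" -lt 0 ]
}

# Read the "Version:" field of a WordPress plugin header supplied on stdin.
# Feed it the plugin's main PHP file (assumed path, e.g. under
# wp-content/plugins/superstorefinder-wp/) on a real install.
ssf_header_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Classify a plugin header given as text; prints AFFECTED, PATCHED or UNKNOWN.
ssf_classify_header() {
  v=$(printf '%s\n' "$1" | ssf_header_version)
  [ -n "$v" ] || { echo UNKNOWN; return 0; }
  if ssf_version_affected "$v"; then echo "AFFECTED ($v)"; else echo "PATCHED ($v)"; fi
}

# Constructed sample header standing in for the real plugin file.
SSF_SAMPLE_HEADER='<?php
/*
Plugin Name: Super Store Finder
Version: 7.2
*/'

ssf_classify_header "$SSF_SAMPLE_HEADER"
```

On a live host, replace the sample with `ssf_classify_header "$(cat /path/to/superstorefinder-wp/main-file.php)"` once you have confirmed the main file's name.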

Attack timeline

  1. Disclosure

Threat intelligence

Exploit status

Proof of concept: unknown
CISA KEV: no
Internet exposure

EPSS

0.23% (46th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical impact: partial

CVSS vector

Threat intelligence · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Base score: 9.3 CRITICAL

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions needed to exploit)
Privileges Required: None (authentication level needed for the attack)
User Interaction: None (whether the victim must do anything)
Scope: Changed (spread beyond the vulnerable component)
Confidentiality: High (risk of sensitive data disclosure)
Integrity: None (risk of unauthorized data tampering)
Availability: Low (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet; no physical or local access required.
Attack Complexity
Low: no special conditions required; exploitation is reliable.
Privileges Required
None: no authentication required; exploitable without credentials.
User Interaction
None: the attack is automatic and silent; the victim does nothing.
Scope
Changed: the attack can spread beyond the vulnerable component to other systems.
Confidentiality
High: total loss of confidentiality; all data can be read.
Integrity
None: no impact on integrity.
Availability
Low: partial or intermittent denial of service.

Affected software

Component: superstorefinder-wp
Vendor: highwarden
Affected range: 0 – 7.2
Fixed version: 7.2.1

Weakness classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Updated
  4. EPSS updated

Mitigations and workarounds

The primary mitigation for CVE-2025-39445 is to immediately upgrade the Super Store Finder plugin to version 7.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These may include restricting database user permissions to limit the impact of a successful injection, or implementing input validation and sanitization techniques within the plugin's code (if possible). Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of defense. After upgrading, verify the fix by attempting a SQL Injection payload through the plugin's vulnerable endpoints and confirming that it is properly sanitized.

How to fix

Update the Super Store Finder plugin to the latest available version to mitigate the SQL injection vulnerability. Check for available updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as validation and sanitization of user input, to prevent future vulnerabilities.


Frequently asked questions

What is CVE-2025-39445 — SQL Injection in Super Store Finder?

CVE-2025-39445 is a critical SQL Injection vulnerability affecting the Super Store Finder WordPress plugin, allowing attackers to potentially extract data from the database.

Am I affected by CVE-2025-39445 in Super Store Finder?

If you are using Super Store Finder versions 0.0.0 through 7.2, you are affected by this vulnerability. Upgrade to 7.2.1 or later to mitigate the risk.

How do I fix CVE-2025-39445 in Super Store Finder?

The recommended fix is to upgrade the Super Store Finder plugin to version 7.2.1 or a later version. Consider temporary workarounds if immediate upgrade is not possible.

Is CVE-2025-39445 being actively exploited?

While no active exploitation has been publicly confirmed, the vulnerability is considered high-risk due to the nature of SQL Injection and the potential for rapid exploitation.

Where can I find the official Super Store Finder advisory for CVE-2025-39445?

Refer to the Super Store Finder plugin's official website or WordPress plugin repository for the latest advisory and update information.
