Platform
wordpress
Component
superstorefinder-wp
Fixed in
7.5.1
CVE-2025-52720 describes a SQL Injection vulnerability discovered in the Super Store Finder WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 through 7.5, and a patch is available in version 7.5.1.
The SQL Injection vulnerability in Super Store Finder poses a significant risk to WordPress sites utilizing the plugin. An attacker could leverage this flaw to bypass authentication mechanisms, directly query the database, and extract sensitive information such as user credentials, customer data, order details, and potentially even database schema information. Successful exploitation could lead to complete compromise of the affected WordPress site and its associated data. The potential for data exfiltration and modification is high, making this a critical security concern.
CVE-2025-52720 was publicly disclosed on 2025-08-14. The vulnerability's severity is considered high due to the potential for data exfiltration and system compromise. No public proof-of-concept exploits are currently known, but the SQL Injection nature of the vulnerability makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
WordPress sites utilizing the Super Store Finder plugin, particularly those running older versions (0.0.0–7.5), are at significant risk. Shared hosting environments where multiple websites share the same database are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
  grep -r "superstorefinder-wp" /var/www/html/wp-content/plugins/
• wordpress / composer / npm:
  wp plugin list | grep superstorefinder-wp
• wordpress / composer / npm:
  curl -I <your_wordpress_site>/wp-content/plugins/superstorefinder-wp/ # Check for unusual file modifications
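The commands above only tell you whether the plugin is present. The following added script (not from the advisory or the plugin vendor) goes one step further and reads the plugin's WordPress header to decide whether the installed copy is below the 7.5.1 fix; it assumes PLUGIN_DIR points at the plugin directory and, since the advisory does not name the plugin's main file, takes the first .php file carrying a "Plugin Name:" header.

```shell
#!/bin/sh
# Constructed example: decide whether an installed superstorefinder-wp copy falls
# in the affected range (below 7.5.1) by reading the plugin's WordPress header.
# Assumption: PLUGIN_DIR points at the plugin directory; the main file name is not
# given in the advisory, so the first .php carrying a "Plugin Name:" header is used.
PLUGIN_DIR="${PLUGIN_DIR:-/var/www/html/wp-content/plugins/superstorefinder-wp}"
FIXED_VERSION="7.5.1"

# Compare two dotted versions numerically; prints -1, 0 or 1 for $1 <, =, > $2.
# Missing components count as 0, so 7.5 and 7.5.0 compare equal.
version_cmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"
    if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
    ah="$(printf '%s' "$ah" | tr -cd '0-9')"; bh="$(printf '%s' "$bh" | tr -cd '0-9')"
    ah="${ah:-0}"; bh="${bh:-0}"
    if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}

# Verdict for a version string: vulnerable (below the fix), fixed, or unknown.
assess_version() {
  if [ -z "$1" ]; then printf 'unknown\n'
  elif [ "$(version_cmp "$1" "$FIXED_VERSION")" = "-1" ]; then printf 'vulnerable\n'
  else printf 'fixed\n'
  fi
}

# Read the "Version:" header from the plugin's main file in directory $1.
plugin_version() {
  for f in "$1"/*.php; do
    [ -f "$f" ] || continue
    if grep -qE '^[[:space:]]*\*?[[:space:]]*Plugin Name:' "$f"; then
      grep -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$f" \
        | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
      return 0
    fi
  done
  return 0
}

# Full check: print a verdict for the plugin directory (never fails the script).
check_plugin_dir() { assess_version "$(plugin_version "$1")"; }

if [ "${1:-}" = "--check" ]; then check_plugin_dir "$PLUGIN_DIR"; fi
```

Run it as `sh check.sh --check` on the web server; "unknown" means no plugin header was found, which on a live site should be investigated rather than treated as safe.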
Exploit Status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-52720 is to immediately upgrade the Super Store Finder plugin to version 7.5.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter potentially malicious SQL queries targeting the plugin's vulnerable endpoints. Additionally, review and restrict database user permissions to minimize the impact of a successful SQL Injection attack. After upgrade, confirm the vulnerability is resolved by attempting a SQL injection attack on the vulnerable endpoint and verifying that it is blocked or handled safely.
Update the Super Store Finder plugin to the latest available version to mitigate the SQL injection vulnerability. Check for plugin updates in the WordPress admin panel or in the official WordPress plugin repository. Implement additional security measures, such as validating and sanitizing user input, to prevent future vulnerabilities.
CVE-2025-52720 is a critical SQL Injection vulnerability affecting the Super Store Finder WordPress plugin, allowing attackers to inject malicious SQL code and potentially access sensitive data.
If you are using Super Store Finder versions 0.0.0 through 7.5, you are affected by this vulnerability. Upgrade to version 7.5.1 or later to mitigate the risk.
The recommended fix is to upgrade the Super Store Finder plugin to version 7.5.1 or later. If immediate upgrade is not possible, implement WAF rules and restrict database user permissions.
While no public exploits are currently known, the SQL Injection nature of the vulnerability suggests potential for exploitation. Monitor security advisories for updates.
Refer to the Super Store Finder plugin's official website or WordPress plugin repository for the latest advisory and update information.