免费扫描
CRITICALCVE-2025-39445CVSS 9.3

WordPress Super Store Finder <= 7.2 - SQL Injection Vulnerability

翻译中…

平台

wordpress

组件

superstorefinder-wp

修复版本

7.2.1

AI Confidence: highNVDEPSS 0.2%已审阅: 2026年5月
在NVD查看
保存
正在翻译为您的语言…

CVE-2025-39445 identifies a SQL Injection vulnerability within the Super Store Finder WordPress plugin. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access and manipulation. The vulnerability impacts versions from 0.0.0 up to and including 7.2, and a patch is available in version 7.2.1.

WordPress

检测此 CVE 是否影响你的项目

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描

影响与攻击场景翻译中…

The SQL Injection vulnerability in Super Store Finder poses a significant risk to WordPress sites utilizing the plugin. An attacker could leverage this flaw to bypass authentication mechanisms, directly query the database, and extract sensitive information such as user credentials, customer data, order details, and potentially even database schema information. Successful exploitation could lead to complete compromise of the WordPress site and associated data. The impact is particularly severe if the database contains personally identifiable information (PII) or financial data, potentially leading to regulatory fines and reputational damage. While no specific exploitation patterns have been publicly linked to this CVE yet, SQL Injection vulnerabilities are frequently targeted, making this a high-priority concern.

利用背景翻译中…

CVE-2025-39445 was publicly disclosed on 2025-05-19. Its severity is classified as CRITICAL with a CVSS score of 9.3. As of this writing, there are no publicly available proof-of-concept exploits, and it is not listed on the CISA KEV catalog. However, given the nature of SQL Injection vulnerabilities, it is highly probable that attackers will actively seek to exploit this flaw, especially if it remains unpatched.

哪些人处于风险中翻译中…

WordPress websites utilizing the Super Store Finder plugin, particularly those with e-commerce functionality or handling sensitive user data, are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider may also be vulnerable if they have not yet applied the update.

检测步骤翻译中…

• wordpress / composer / npm:

grep -r "superstorefinder-wp" /var/www/html/
wp plugin list | grep superstorefinder-wp

• generic web:

curl -I https://your-wordpress-site.com/wp-content/plugins/superstorefinder-wp/ | grep SQL

攻击时间线

  1. Disclosure

    disclosure

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

EPSS

0.23% (46% 百分位)

CISA SSVC

利用情况none
可自动化yes
技术影响partial

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L9.3CRITICALAttack VectorNetwork攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredNone攻击所需的认证级别User InteractionNone是否需要受害者采取行动ScopeChanged超出受影响组件的影响范围ConfidentialityHigh敏感数据泄露风险IntegrityNone数据未授权篡改风险AvailabilityLow服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
无 — 无需认证,无需凭证即可利用。
User Interaction
无 — 攻击自动且无声,受害者无需任何操作。
Scope
已改变 — 攻击可以超出脆弱组件,影响其他系统。
Confidentiality
高 — 完全丧失机密性,攻击者可读取所有数据。
Integrity
无 — 无完整性影响。
Availability
低 — 部分或间歇性拒绝服务。

受影响的软件

组件superstorefinder-wp
供应商highwarden
影响范围修复版本
0 – 7.27.2.1

弱点分类 (CWE)

CWE-89

时间线

  1. 已保留
  2. 发布日期
  3. 修改日期
  4. EPSS 更新日期

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2025-39445 is to immediately upgrade the Super Store Finder plugin to version 7.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. These may include restricting database user permissions to limit the impact of a successful injection, or implementing input validation and sanitization techniques within the plugin's code (if possible). Web Application Firewalls (WAFs) configured with rules to detect and block SQL Injection attempts can also provide an additional layer of defense. After upgrading, verify the fix by attempting a SQL Injection payload through the plugin's vulnerable endpoints and confirming that it is properly sanitized.

修复方法翻译中…

Actualice el plugin Super Store Finder a la última versión disponible para mitigar la vulnerabilidad de inyección SQL.  Verifique las actualizaciones disponibles en el repositorio de plugins de WordPress o en el sitio web del desarrollador.  Implemente medidas de seguridad adicionales, como la validación y el saneamiento de las entradas del usuario, para prevenir futuras vulnerabilidades.

CVE 安全通讯

漏洞分析和关键警报直接发送到您的邮箱。

常见问题翻译中…

What is CVE-2025-39445 — SQL Injection in Super Store Finder?

CVE-2025-39445 is a critical SQL Injection vulnerability affecting the Super Store Finder WordPress plugin, allowing attackers to potentially extract data from the database.

Am I affected by CVE-2025-39445 in Super Store Finder?

If you are using Super Store Finder versions 0.0.0 through 7.2, you are affected by this vulnerability. Upgrade to 7.2.1 or later to mitigate the risk.

How do I fix CVE-2025-39445 in Super Store Finder?

The recommended fix is to upgrade the Super Store Finder plugin to version 7.2.1 or a later version. Consider temporary workarounds if immediate upgrade is not possible.

Is CVE-2025-39445 being actively exploited?

While no active exploitation has been publicly confirmed, the vulnerability is considered high-risk due to the nature of SQL Injection and the potential for rapid exploitation.

Where can I find the official Super Store Finder advisory for CVE-2025-39445?

Refer to the Super Store Finder plugin's official website or WordPress plugin repository for the latest advisory and update information.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE