Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
BID:53795
Info
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 53795 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2012 12:00AM |
| Updated: | Jun 05 2012 12:00AM |
| Credit: | Sammy FORGIT |
| Vulnerable: |
Store Locator Plus Store Locator Plus 3.0.1 |
| Not Vulnerable: | |
Discussion
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
Store Locator Plus plugin for WordPress is prone to multiple input-validation vulnerabilities, which includes:
1. An SQL-injection vulnerability.
2. An open-email-relay vulnerability.
3. An information-disclosure vulnerability.
An attacker could exploit these issues to obtain sensitive information, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or to send unsolicited spam email to an unrestricted number of email addresses from a forged email address.
Store Locator Plus 3.0.1 is vulnerable; other versions may also be affected.
Store Locator Plus plugin for WordPress is prone to multiple input-validation vulnerabilities, which includes:
1. An SQL-injection vulnerability.
2. An open-email-relay vulnerability.
3. An information-disclosure vulnerability.
An attacker could exploit these issues to obtain sensitive information, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or to send unsolicited spam email to an unrestricted number of email addresses from a forged email address.
Store Locator Plus 3.0.1 is vulnerable; other versions may also be affected.
Exploit / POC
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
An attacker can exploit these issues through a browser.
An attacker can exploit these issues through a browser.
Solution / Fix
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Store Locator Plus WordPress Plugin Multiple Input Validation Vulnerabilities
References:
References:
- Store Locator Plus Home Page (Storelocatorplus)
- WordPress Homepage (WordPress)