- Description: The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to an already existing query to store cross-site scripting in store reviews.
- Source: security@wordfence.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 8.2
- Impact score: 4.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- Severity: HIGH
- security@wordfence.com: CWE-89
🚨 CVE-2024-13440 🔴 HIGH (7.5) 🏢 Super Store Finder - Super Store Finder 🏗️ * 🔗 https://t.co/AZu9ypOMGN 🔗 https://t.co/5ufcmhS01L #CyberCron #VulnAlert https://t.co/LgZNoRnqiw
@cybercronai
9 Feb 2025
Vulnerabilities report for February 9th, 2025. 🗓️ A total of 6 new vulnerabilities were published today with one CVSS CRITICAL (9.8) vulnerability, CVE-2025-0316. This vulnerability is in WP Directorybox Manager plugin for WordPress. One HIGH (7.5) vulnerability, CVE-2024-13440
@gothburz
9 Feb 2025
There is a new vulnerability with elevated criticality in Super Store Finder Plugin (CVE-2024-13440) https://t.co/jAcI9l8XUD
@vuldb
9 Feb 2025
CVE-2024-13440 The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insuf… https://t.co/oeuQz6XFJs
@CVEnew
9 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:superstorefinder:super_store_finder:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47E88824-6A25-48E4-A554-D8A5600978F4",
            "versionEndExcluding": "7.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]