SQL Injection Vulnerability in WP Multi Store Locator by WPExperts.io
CVE-2025-26974

9.3CRITICAL

Key Information:

Vendor: WPexperts.io
Status: WP Multi Store Locator
Vendor: CVE Published:; 25 February 2025

Summary

The WP Multi Store Locator plugin by WPExperts.io contains a vulnerability that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This flaw can enable attackers to manipulate database queries, compromising the integrity of data and potentially leading to unauthorized data access. Affected versions range from n/a up to 2.5.1, highlighting the importance of updating to secure versions to mitigate risks associated with this vulnerability.

Affected Version(s)

WP Multi Store Locator <= 2.5.1

References

https://patchstack.com/database/wordpress/plugin/wp-multi...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)