SQL Injection Vulnerability in Agile Logix Store Locator by WordPress
CVE-2025-49328

7.6HIGH

Key Information:

Vendor: WordPress
Status: Store Locator WordPress
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-49328?

The Agile Logix Store Locator plugin for WordPress is prone to an SQL injection vulnerability. This issue arises due to improper neutralization of special elements in SQL commands, allowing attackers to manipulate database queries. Exploiting this vulnerability could enable unauthorized access to sensitive data, making it critical for users to update to the latest version or implement necessary security measures to protect their sites.

Affected Version(s)

Store Locator WordPress <= 1.5.1

References

https://patchstack.com/database/wordpress/plugin/agile-st...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

Nguyen Kim Sang (Patchstack Alliance)