
WordPress Google Maps Via Store Locator Plus Plugin Path Disclosure and SQL Injection

June 30th, 2012

Application: WordPress
Affected Version: 3.0.1 and other versions.
Vendor’s URL: Google Maps Via Store Locator Plus Plugin
Bug Type: SQL Injection & Path Disclosure
Risk Level: Critical

Solution:
Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess). Edit the source code to ensure that input is properly sanitised.
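
One way to apply the access restriction above, shown as an added example that is not part of the original advisory. It assumes Apache with .htaccess overrides enabled for the plugin directory, and handles both Apache 2.4 and 2.2 access-control syntax.

```apache
# Place in wp-content/plugins/store-locator-le/core/.htaccess
# Assumption: AllowOverride permits AuthConfig (2.4) or Limit (2.2) here.
<Files "load_wp_config.php">
    # Apache 2.4+ (mod_authz_core present)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 (no mod_authz_core)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

A direct HTTP request for the file should then return 403. This only blocks web access to the file; the input handling in the source still needs to be corrected as described above.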
