cleantalk
Vulnerabilities and Security Researches

Store Locator for WordPress with Google Maps – LotsOfLocales, 4fa71b8c7d29c3050b951adfff5bf47b58228f4e

CVE, Research URL

4fa71b8c7d29c3050b951adfff5bf47b58228f4e

Home page URL

Security reports for Store Locator for WordPress with Google Maps – LotsOfLocales

Application

Store Locator for WordPress with Google Maps – LotsOfLocales

Published on
Feb 09, 2015
Research Description
Store Locator for WordPress with Google Maps – LotsOfLocales [store-locator] < 3.34 (closed) Store Locator < 3.34 - SQL Injection The Store Locator Plugin for WordPress is vulnerable to blind SQL Injection via the sl_vars[num_initial_displayed] parameter in versions before 3.34 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 3.34.
Status
vulnerable
Previous vulnerability researches
MapifyLite (by MapifyPro) (e5bfd53d-0d9a-42f2-8af8-5bb710bac828) , Jun 16, 2026
MapifyLite (by MapifyPro) (6be590d56cf666ad67a6e008b71242e607d966ea) , Jun 16, 2026
MapifyLite (by MapifyPro) (d7a357e358b4eb001b41f84d3531981914480734) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026