Ajax Store Locator <= 1.2 – Remote SQL Injection

Affects Plugins

ajax-store-locator

No known fix

References

Exploitdb

36777

URL

https://packetstormsecurity.com/files/#131464/

URL

https://www.homelab.it/index.php/2015/04/15/wordpress-ajax-store-locator-sql-injection-vulnerability/

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Submitter

pvdl

Verified

No

WPVDB ID

1efc6277-6e67-4fa6-a977-d65d37e37db9

Timeline

Publicly Published

2015-04-15 (about 11 years ago)

Added

2015-04-16 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2020-07-18

Title

Email Subscribers & Newsletters < 4.5.1 - Authenticated SQL injection in es_newsletters_settings_callback()

Published

2025-12-12

Title

Filter & Grids < 3.2.1 - Unauthenticated SQL Injection

Published

2014-08-01

Title

Global Content Blocks <= 1.2 - SQL Injection

Published

2017-12-10

Title

RegistrationMagic - Custom Registration Forms < 3.8.0.9 - Authenticated SQL Injection

Published

2014-08-01

Title

NextGEN Smooth Gallery - Blind SQL Injection