WordPress Plugin Vulnerabilities

WordPress Store Locator 2.3-3.11 - SQL Injection

Description

The store-locator WordPress plugin was affected by a SQL Injection security vulnerability.

Affects Plugins

Plugin icon
store-locator
Fixed in 3.12

References

CVE
CVE-2014-8621
URL
https://g0blin.co.uk/cve-2014-8621/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
88b4bd37-80bc-466c-b196-11cfbf378335

Timeline

Publicly Published
2014-11-05 (about 11 years ago)
Added
2015-11-13 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-08-26
Title
Car Rental System <= 3.0 - SQL Injection
Published
2026-04-07
Title
WCAPF – WooCommerce Ajax Product Filter < 4.3.0 - Unauthenticated Time-Based SQL Injection
Published
2024-10-30
Title
Administrator Z < 2024.10.21 - Subscriber+ SQL Injection
Published
2014-08-01
Title
WP-SpamFree 3.2.1 - Spam SQL Injection
Published
2025-09-28
Title
Image&Video FullScreen Background <= 1.6.7 - Authenticated (Contributor+) SQL Injection