WordPress Plugin Vulnerabilities

Ajax Store Locator <= 1.2 - Arbitrary File Download

Description

The ajax-store-locator WordPress plugin was affected by an Arbitrary File Download security vulnerability.

Affects Plugins

Plugin icon
ajax-store-locator
No known fix

References

Exploitdb
35493
URL
https://packetstormsecurity.com/files/#129408/
URL
https://www.homelab.it/index.php/2014/12/06/wordpress-ajax-store-locator-arbitrary-file-download-vulnerability/

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
cd92fc31-4b7a-4dd6-9ab6-ab012b70b5ed

Timeline

Publicly Published
2014-12-08 (about 11 years ago)
Added
2014-12-08 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-06-10
Title
FW Gallery <= 8.0.0 - Unauthenticated Arbitrary File Deletion
Published
2024-11-08
Title
WPLMS Learning Management System for WordPress < 4.963 - Unauthenticated Arbitrary File Read and Deletion
Published
2025-04-30
Title
Section Widget <= 3.3.1 - Unauthenticated Path Traversal
Published
2025-10-30
Title
WooCommerce Designer Pro < 1.9.31 - Unauthenticated Arbitrary File Read
Published
2026-01-05
Title
FastDup < 2.7.1 - Authenticated (Contributor+) Path Traversal via 'dir_path' REST Parameter