WordPress Google Maps Via Store Locator Plus Plugin Multiple Vulnerabilities

Summary
This host is running WordPress Google Maps Via Store Locator Plus Plugin and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attacker to obtain sensitive information, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database. Impact Level: System/Application
Solution
Upgrade to Google Maps Via Store Locator Plus Plugin version 3.0.5 or later, For updates refer to http://wordpress.org/extend/plugins/store-locator-le
Insight
- An error exists due to the application displaying the installation path in debug output when accessing wp-content/plugins/store-locator-le/core/load_ wp_config.php. - Input passed via the 'query' parameter to /wp-content/plugins/store- locator-le/downloadcsv.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Affected
WordPress Google Maps Via Store Locator Plus Plugin version 3.0.1
References