Description
The Store Locator Plus plugin for WordPress is prone to multiple vulnerabilities, including an information disclosure vulnerability and a SQL injection vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Store Locator Plus versions from 2.7.1 to 3.0.1 are vulnerable; prior versions may also be affected.
Remediation
Restrict access to the wp-content/plugins/store-locator-le/core/load_wp_config.php file (e.g. via .htaccess) and edit the source code to ensure that input is properly sanitised.
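One way to apply the .htaccess restriction, as an added example that is not part of the original advisory or the plugin's own files. It assumes an Apache server with AllowOverride enabled for the plugin directory; the commented-out address is a constructed placeholder.

```apache
# Added example: save as wp-content/plugins/store-locator-le/core/.htaccess
# Blocks direct HTTP requests to load_wp_config.php only; other files
# in the directory are unaffected.
<Files "load_wp_config.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
        # To allow one trusted address instead, replace the line above with
        # (203.0.113.10 is a constructed placeholder):
        # Require ip 203.0.113.10
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

After deploying, a request for the file should return 403 Forbidden. Re-check the rule after any plugin update, since the update may replace the directory contents.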