VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 12 known issues Latest disclosed Aug 21, 2025

Super Store Finder Vulnerabilities

Review known vulnerability records for the WordPress plugin Super Store Finder (`superstorefinder-wp`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-58939 and CVE-2025-52720, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
12
High or Critical
9
Patch Coverage
100%
Last Updated
Nov 04, 2025
Priority CVE Quick Links

Fast paths into Super Store Finder CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-43978 Critical 6.9.8
CVE-2024-43978 Super Store Finder SQL Injection

Super Store Finder <= 6.9.7 - Unauthenticated SQL Injection

CVE-2024-43976 Critical 6.9.8
CVE-2024-43976 Super Store Finder SQL Injection

Super Store Finder <= 6.9.7 - Authenticated (Subscriber+) SQL Injection

CVE-2024-13440 High 7.1
CVE-2024-13440 Super Store Finder SQL Injection

Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

CVE-2025-47571 High 7.8
CVE-2025-47571 Super Store Finder Local File Inclusion

Super Store Finder < 6.8 - Unauthenticated Local File Inclusion

CVE-2025-52720 High 7.6
CVE-2025-52720 Super Store Finder SQL Injection

Super Store Finder <= 7.5 - Unauthenticated SQL Injection

CVE-2025-39445 High 7.5
CVE-2025-39445 Super Store Finder SQL Injection

Super Store Finder <= 7.2 - Unauthenticated SQL Injection

CVE-2024-43975 High 6.9.8
CVE-2024-43975 Super Store Finder Stored Cross-Site Scripting

Super Store Finder <= 6.9.7 - Unauthenticated Stored Cross-Site Scripting

CVE-2023-5054 Medium 6.9.4
CVE-2023-5054 Super Store Finder Vulnerability

Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Super Store Finder so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
12 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
3 critical and 6 high severity findings.
Recent CVEs
CVE-2025-58939 and CVE-2025-52720
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Super Store Finder

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-58939
CVE-2025-58939: Super Store Finder <= 7.5 - Cross-Site Request Forgery

The Super Store Finder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized actio...

Published
Aug 21, 2025
Patched Release
Not published
Affected Versions
Versions up to 7.5
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-58939 Report Open CVE Reference
Plugin Medium Patched: Yes
Super Store Finder <= 7.6 - Reflected Cross-Site Scripting

The Super Store Finder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

Published
Aug 21, 2025
Patched Release
7.7
Affected Versions
Versions up to 7.6
Next Step
Update to 7.7 or newer if supported.
Open Full Report
Plugin High Patched: Yes CVE-2025-52720
CVE-2025-52720: Super Store Finder <= 7.5 - Unauthenticated SQL Injection

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated at...

Published
Jul 31, 2025
Patched Release
7.6
Affected Versions
Versions up to 7.5
Next Step
Update to 7.6 or newer if supported.
Open CVE-2025-52720 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-47571
CVE-2025-47571: Super Store Finder < 6.8 - Unauthenticated Local File Inclusion

The Super Store Finder plugin for WordPress is vulnerable to Local File Inclusion in versions up to 7.8. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be u...

Published
Jul 07, 2025
Patched Release
7.8
Affected Versions
Versions before 7.8
Next Step
Update to 7.8 or newer if supported.
Open CVE-2025-47571 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-39445
CVE-2025-39445: Super Store Finder <= 7.2 - Unauthenticated SQL Injection

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated at...

Published
Apr 17, 2025
Patched Release
7.5
Affected Versions
Versions up to 7.2
Next Step
Update to 7.5 or newer if supported.
Open CVE-2025-39445 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-13440
CVE-2024-13440: Super Store Finder <= 7.0 - Unauthenticated SQL Injection to Stored Cross-Site Scripting

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Published
Feb 08, 2025
Patched Release
7.1
Affected Versions
Versions up to 7.0
Next Step
Update to 7.1 or newer if supported.
Open CVE-2024-13440 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-43975
CVE-2024-43975: Super Store Finder <= 6.9.7 - Unauthenticated Stored Cross-Site Scripting

The Super Store Finder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Published
Aug 28, 2024
Patched Release
6.9.8
Affected Versions
Versions up to 6.9.7
Next Step
Update to 6.9.8 or newer if supported.
Open CVE-2024-43975 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-43976
CVE-2024-43976: Super Store Finder <= 6.9.7 - Authenticated (Subscriber+) SQL Injection

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.9.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated at...

Published
Aug 28, 2024
Patched Release
6.9.8
Affected Versions
Versions up to 6.9.7
Next Step
Update to 6.9.8 or newer if supported.
Open CVE-2024-43976 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-43978
CVE-2024-43978: Super Store Finder <= 6.9.7 - Unauthenticated SQL Injection

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.9.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

Published
Aug 28, 2024
Patched Release
6.9.8
Affected Versions
Versions up to 6.9.7
Next Step
Update to 6.9.8 or newer if supported.
Open CVE-2024-43978 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-5054
CVE-2023-5054: Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthe...

Published
Sep 18, 2023
Patched Release
6.9.4
Affected Versions
Versions up to 6.9.3
Next Step
Update to 6.9.4 or newer if supported.
Open CVE-2023-5054 Report Open CVE Reference
Plugin Critical Patched: Yes
Super Store Finder <= 6.4, Super Interactive Maps <= 2.1 - SQL Injection

The Super Store Finder plugin in versions up to, and including 6.4 and the Super Interactive Maps plugin in versions up to, and including 2.1 for WordPress are vulnerable to SQL Injection via the ‘ssf_wp_id’ parameter due to insufficient escaping on the user supplied parameter an...

Published
Mar 08, 2021
Patched Release
6.5
Affected Versions
Versions before 6.5
Next Step
Update to 6.5 or newer if supported.
Open Full Report
Plugin High Patched: Yes
Super Store Finder <= 6.1, Super Interactive Maps <= 1.9, Super Logo Showcase <= 2.2 - Arbitrary File Upload

The Super Store Finder, Super Interactive Maps, and Super Logo Showcase plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation in the /pages/import.php file in versions up to, and including, 6.1, 1.9. and 2.2 respectively. This makes it...

Published
Oct 21, 2020
Patched Release
6.2
Affected Versions
Versions up to 6.1
Next Step
Update to 6.2 or newer if supported.
Open Full Report