High-Severity SQL Injection Vulnerability in JSP Store Locator Plugin
Severity: High (Score: 72.9)
Sources: Seckhmet, nvd.nist.gov
Summary
CVE-2024-11267 is an authenticated SQL injection vulnerability (CWE-89) in the JSP Store Locator WordPress plugin, rated CVSS 8.8 (High). Any registered user, including one at the lowest privilege level, can exploit it, and no interaction from a victim is required. The flaw exists because attacker-controlled parameters are placed into SQL statements without proper sanitization or escaping, so a successful attacker can read, modify, or delete data in the WordPress database, with severe impact on confidentiality, integrity, and availability. The CVE was published on May 15, 2025.

Site owners should update the plugin to a fixed release if one is available, or uninstall it otherwise, and review database logs for signs of exploitation (unexpected SQL keywords, comment sequences or quoting in request parameters, and queries with unusually long execution times, which are typical of time-based injection). Continuous monitoring of WordPress installations is recommended to reduce exposure to similar plugin flaws in future.

Key Points:
• CVE-2024-11267 is a high-severity (CVSS 8.8) SQL injection vulnerability in the JSP Store Locator plugin.
• Exploitable by any registered user with low privileges, giving effectively full access to the site database.
• Immediate action is required: update or uninstall the affected plugin and check logs for exploitation attempts.
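As an added illustration, not code from the JSP Store Locator plugin or from the advisory's sources, the PHP below shows the general pattern CWE-89 describes in a WordPress plugin and its hardened form. The handler names, the `store_id` and search parameters, and the `store_locations` table are assumptions chosen for the example; the page does not identify the plugin's actual vulnerable parameter or query.

```php
<?php
// Added example, not the JSP Store Locator plugin's code. Function names,
// the store_id parameter and the store_locations table are assumptions.

// VULNERABLE: untrusted input is concatenated straight into the SQL string.
// A request with store_id=1 OR 1=1 returns every row; store_id=1 AND SLEEP(5)
// gives the attacker a time-based oracle even when no rows are displayed.
function jsp_lookup_store_vulnerable() {
    global $wpdb;
    $store_id = $_REQUEST['store_id'];               // untrusted, unchecked
    $sql = "SELECT id, name, address FROM {$wpdb->prefix}store_locations"
         . " WHERE id = " . $store_id;
    return $wpdb->get_results( $sql );
}

// HARDENED: authorize the caller, coerce the type, and bind the value with
// $wpdb->prepare() so it can never alter the query's grammar.
function jsp_lookup_store_safe() {
    global $wpdb;

    // The advisory notes that low-privilege registered users can reach the
    // query; decide explicitly who may call this endpoint.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'unauthorized', 401 );
    }
    // CSRF protection for an AJAX handler (nonce action name is an assumption).
    check_ajax_referer( 'jsp_store_lookup', 'nonce' );

    // absint() rejects anything that is not a positive integer.
    $store_id = isset( $_REQUEST['store_id'] )
        ? absint( wp_unslash( $_REQUEST['store_id'] ) )
        : 0;
    if ( 0 === $store_id ) {
        wp_send_json_error( 'invalid store id', 400 );
    }

    // %d is bound by prepare(); the raw request value never reaches the SQL.
    $sql = $wpdb->prepare(
        "SELECT id, name, address FROM {$wpdb->prefix}store_locations WHERE id = %d",
        $store_id
    );
    return $wpdb->get_results( $sql );
}

// Free-text search: sanitize, escape LIKE wildcards, then bind with %s.
function jsp_search_store_safe( $term ) {
    global $wpdb;
    $term = sanitize_text_field( wp_unslash( $term ) );
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, name FROM {$wpdb->prefix}store_locations WHERE name LIKE %s LIMIT 20",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

The authorization and nonce checks limit who can reach the query, but they do not fix the injection; only binding the value through `$wpdb->prepare()` (or coercing it to an integer before use) does. Escaping with `esc_sql()` alone is weaker, because it depends on the value being quoted correctly in the statement, which is exactly the mistake in the vulnerable version.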
Key Entities
- SQL Injection (attack_type)
- CVE-2024-11267 (cve)
- CWE-89 - SQL Injection (cwe)
- T1190 - Exploit Public-Facing Application (mitre_attack)
- WordPress (platform)