Release date:
Updated on:
Affected Systems:
WordPress Store Locator Plus Plugin 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57222
The WordPress Store Locator Plus plugin adds a store search feature to a site.
WordPress Store Locator Plus 3.8.6 and earlier versions do not correctly validate the value of the "query" parameter in wp-content/plugins/store-locator-le/downloadcsv.php, which can be exploited to perform SQL queries by injecting arbitrary SQL code.
<* Source: vendor
Link: http://www.securityfocus.com/bid/57222/info
http://www.securelist.com/en/advisories/51757
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://wordpress.org/extend/plugins/store-locator-le/changelog/
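
For sites that ran an affected version before patching, the following Python script triages web server access logs for requests that reached the script and parameter named in the description. It is an added example, not part of the advisory or the plugin's code; it assumes common/combined access log format, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path and parameter named in the advisory.
VULN_PATH = "/wp-content/plugins/store-locator-le/downloadcsv.php"
VULN_PARAM = "query"

# Common/combined log format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation addresses, placeholder values).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2013:10:00:01 +0000] "GET /wp-content/plugins/store-locator-le/downloadcsv.php?query=CONSTRUCTED_VALUE HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jan/2013:10:00:05 +0000] "POST /blog/wp-content/plugins/store-locator-le/downloadcsv.php HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Jan/2013:10:01:00 +0000] "GET /index.php?query=shoes HTTP/1.1" 200 1024',
    '198.51.100.2 - - [10/Jan/2013:10:02:00 +0000] "GET /wp-content/plugins/store-locator-le/downloadcsv.php HTTP/1.1" 403 0',
]

def triage(lines):
    """Return one finding per request to the script that could carry 'query'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Decode, collapse duplicate slashes and lowercase before comparing.
        path = re.sub(r"/+", "/", unquote(url.path)).lower()
        if not path.endswith(VULN_PATH):  # endswith: WordPress may sit in a subdirectory
            continue
        has_param = VULN_PARAM in parse_qs(url.query, keep_blank_values=True)
        # POST bodies are not written to access logs, so every POST needs review.
        if has_param or m["method"] == "POST":
            findings.append({
                "ip": m["ip"], "time": m["time"], "method": m["method"],
                "status": int(m["status"]),
                "reason": "query parameter in URL" if has_param else "POST body not logged",
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with status 200 on an unpatched version warrants reviewing the database and rotating any credentials stored in it.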