CVE-2024-13440
📋 TL;DR
The Super Store Finder WordPress plugin contains an SQL injection vulnerability in the 'ssf_wp_user_name' parameter that lets unauthenticated attackers append their own SQL to the plugin's existing queries. This can expose or alter database contents and allows cross-site scripting payloads to be stored in store reviews. All WordPress sites running the plugin at version 7.0 or earlier are affected.
💻 Affected Systems
- Super Store Finder WordPress Plugin
📦 What is this software?
Super Store Finder by Superstorefinder, a store-locator plugin for WordPress that lets visitors search for nearby store locations and submit store reviews (the review submission is where the vulnerable parameter is processed).
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise: theft of sensitive user data (including password hashes), administrative account takeover (for example, by cracking extracted hashes), and persistent cross-site scripting against every visitor who views a poisoned store review.
Likely Case
Unauthenticated attackers extract database contents and plant persistent cross-site scripting payloads in store reviews. Administrative access follows only if extracted credentials can be cracked or if the stored script runs in an administrator's browser, so it is a secondary rather than a direct outcome.
If Mitigated
With proper input validation and parameterized queries ($wpdb->prepare() in WordPress), the reviewer name would only ever be treated as data, the vulnerability would be prevented entirely, and store review functionality would work unchanged.
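The following is an added illustration of the bug shape and its fix; it is not the plugin's own code. The table name wp_ssf_reviews, the column names and the ssf_wp_comment parameter are assumed for the example; only ssf_wp_user_name comes from the advisory.

```php
<?php
// Added example (not the plugin's code): the shape of the bug and of its fix.
// Assumed: a review table {prefix}ssf_reviews with columns store_id, user_name,
// comment, and a handler that receives the reviewer name in $_POST['ssf_wp_user_name'].
// Requires WordPress ($wpdb, sanitize_text_field, wp_kses_post, wp_unslash).

/**
 * VULNERABLE: the request value is interpolated into the SQL text. A name such as
 *   x','<script>alert(1)</script>'),(1,'y      (constructed payload)
 * closes the string literal and the VALUES tuple, so the attacker writes SQL, not
 * data. Escaping that is incomplete, or applied to the wrong field, leaves this open.
 */
function ssf_example_insert_review_vulnerable(wpdb $wpdb, int $store_id): void {
    $name    = $_POST['ssf_wp_user_name'] ?? '';
    $comment = $_POST['ssf_wp_comment']   ?? '';   // assumed parameter name
    $wpdb->query(
        "INSERT INTO {$wpdb->prefix}ssf_reviews (store_id, user_name, comment)
         VALUES ({$store_id}, '{$name}', '{$comment}')"
    );
}

/**
 * FIXED: $wpdb->prepare() binds every value through %d/%s placeholders, so the
 * reviewer name can only ever be a string literal, never SQL syntax.
 * sanitize_text_field()/wp_kses_post() handle the stored-XSS half, which
 * prepare() alone does not address.
 */
function ssf_example_insert_review_fixed(wpdb $wpdb, int $store_id): bool {
    $name    = sanitize_text_field(wp_unslash($_POST['ssf_wp_user_name'] ?? ''));
    $comment = wp_kses_post(wp_unslash($_POST['ssf_wp_comment'] ?? ''));
    if ($name === '' || mb_strlen($name) > 64) {
        return false;   // reject instead of silently truncating
    }
    $sql = $wpdb->prepare(
        "INSERT INTO {$wpdb->prefix}ssf_reviews (store_id, user_name, comment) VALUES (%d, %s, %s)",
        $store_id,
        $name,
        $comment
    );
    return $wpdb->query($sql) !== false;
}
```

$wpdb->insert($table, $data, $format) is an equally safe alternative for a plain insert; the point is that the reviewer name never reaches the SQL string unbound.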
🎯 Exploit Status
No authentication or special access is needed: the flaw is a single injectable request parameter, so it is within reach of moderately skilled attackers and of automated scanners once the parameter name is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 7.1 or later
Vendor Advisory: https://superstorefinder.net/support/forums/topic/super-store-finder-for-wordpress-patch-notes/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Super Store Finder plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 7.1 or later from the vendor site and replace the plugin files.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Super Store Finder plugin to prevent exploitation while planning the permanent fix; store-locator pages and review forms are unavailable while it is disabled.
Web Application Firewall Rule
Add a WAF rule that blocks requests in which the ssf_wp_user_name parameter (after URL decoding) contains quote characters, SQL keywords or comment sequences; make sure the rule inspects POST bodies, not only the query string.
🧯 If You Can't Patch
- Enforce strict input validation for the ssf_wp_user_name parameter outside the vulnerable plugin (for example in a must-use plugin or at the web server), allowing only alphanumeric characters plus spaces if reviewers need them
- Deploy a web application firewall with SQL injection protection rules, tuned to inspect POST bodies and URL-decoded parameter values
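One way to apply the validation above without modifying the plugin is a must-use plugin that checks the parameter before any regular plugin code runs. This is an added example, not vendor code; the file name ssf-guard.php, the allow-list and the 64-byte limit are assumptions, and the log line format is this example's own.

```php
<?php
/**
 * Plugin Name: SSF user-name guard
 * Description: Added example (not vendor code). Rejects requests whose
 *              ssf_wp_user_name is not a plain display name before the
 *              Super Store Finder plugin sees them.
 *              Install as wp-content/mu-plugins/ssf-guard.php.
 */

// Allow-list: letters, digits, spaces, dot, hyphen, underscore; at most 64 bytes.
// Assumption: reviewers do not need quotes, angle brackets or other punctuation.
// Names like O'Brien are rejected; widen the class deliberately if required,
// but never admit ' " < > ; or --.
function ssf_guard_is_safe_user_name($value): bool {
    if (!is_string($value)) {
        return false;            // arrays (ssf_wp_user_name[]=...) are never legitimate
    }
    if ($value === '') {
        return true;             // nothing to inject
    }
    if (strlen($value) > 64) {
        return false;
    }
    return preg_match('/^[\p{L}\p{N} ._-]+$/u', $value) === 1;
}

// Inspect GET and POST; on a bad value, log a structured line for the SIEM and stop.
function ssf_guard_check_request(): void {
    foreach (['GET' => $_GET, 'POST' => $_POST] as $where => $bag) {
        if (!array_key_exists('ssf_wp_user_name', $bag)) {
            continue;
        }
        $value = $bag['ssf_wp_user_name'];
        if (ssf_guard_is_safe_user_name($value)) {
            continue;
        }
        $shown = is_string($value) ? substr($value, 0, 64) : '[array]';
        error_log(sprintf(
            'ssf_guard: blocked ssf_wp_user_name in %s from %s uri=%s value_hex=%s',
            $where,
            $_SERVER['REMOTE_ADDR'] ?? '-',
            $_SERVER['REQUEST_URI'] ?? '-',
            bin2hex($shown)          // hex keeps the attacker's bytes out of the log syntax
        ));
        wp_die('Invalid request.', 'Bad Request', ['response' => 400]);
    }
}

if (function_exists('add_action')) {
    // mu-plugins are loaded before regular plugins, so this fires before any plugin handler.
    add_action('muplugins_loaded', 'ssf_guard_check_request', 0);
} elseif (PHP_SAPI === 'cli') {
    // Stand-alone check of the allow-list:  php ssf-guard.php
    $samples = ['Alice Smith', "x' UNION SELECT 1,2--", '<script>alert(1)</script>', 'José_9', ''];
    foreach ($samples as $name) {
        printf("%-32s %s\n", $name, ssf_guard_is_safe_user_name($name) ? 'allowed' : 'BLOCKED');
    }
}
```

The error_log line ("ssf_guard: blocked ...") gives the SIEM a reliable, already-decoded indicator for this parameter, which raw access logs do not provide for POST requests.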
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Super Store Finder → Version number. If version is 7.0 or lower, you are vulnerable.
Check Version (the plugin slug below is assumed; if it differs, run wp plugin list without the --name filter and read the version from the table):
wp plugin list --name=super-store-finder --field=version
Verify Fix Applied:
After updating, verify plugin version shows 7.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- MySQL syntax errors in the WordPress debug log (WP_DEBUG_LOG) that reference the plugin's review queries
- Multiple requests to store review endpoints with unusual or overlong ssf_wp_user_name values
- Query-log entries where the reviewer name value contains SQL syntax: unbalanced quotes, UNION SELECT, or comment sequences such as -- and /*
Network Indicators:
- HTTP POST requests to store review endpoints carrying SQL syntax (often URL-encoded, e.g. %27 for a quote) in the ssf_wp_user_name parameter
- Unusual traffic spikes to plugin-specific endpoints, particularly from scanner user agents
SIEM Query:
source="wordpress.log" AND ("ssf_wp_user_name" AND ("UNION" OR "SELECT" OR "INSERT" OR "UPDATE" OR "DELETE"))
Note: this query only works on logs that actually contain request parameters (standard web server access logs omit POST bodies, so enable request-body logging or log the parameter from a WAF or must-use plugin), and it misses URL-encoded payloads such as UNION%20SELECT unless the log source is decoded first. Add quote characters (', %27) and comment sequences (--, /*) to the keyword list, and review hits by hand, since "select" also appears in legitimate text.