CVE-2024-43978
📋 TL;DR
This SQL injection vulnerability in the Super Store Finder WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all WordPress sites running Super Store Finder versions before 6.9.8. Successful exploitation could lead to data theft, modification, or complete database compromise.
💻 Affected Systems
- Super Store Finder WordPress Plugin
📦 What is this software?
Super Store Finder by Superstorefinder
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including sensitive data exfiltration, privilege escalation, remote code execution via database functions, and potential site takeover.
Likely Case
Data theft from the WordPress database including user credentials, personal information, and plugin-specific data, potentially leading to further attacks.
If Mitigated
Limited impact with proper input validation and parameterized queries in place, potentially only error messages or minor data exposure.
🎯 Exploit Status
SQL injection vulnerabilities in WordPress plugins are frequently weaponized. The public advisory suggests exploitation details are available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.9.8
Vendor Advisory: https://patchstack.com/database/vulnerability/superstorefinder-wp/wordpress-super-store-finder-plugin-6-9-8-sql-injection-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Super Store Finder and click 'Update Now'.
4. Verify that the version shows 6.9.8 or higher.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Super Store Finder plugin until it is patched
wp plugin deactivate superstorefinder-wp
Web Application Firewall
Deploy WAF rules to block SQL injection patterns targeting this plugin
🧯 If You Can't Patch
- Implement strict input validation and sanitization for all user inputs
- Deploy database monitoring and alerting for unusual SQL queries
🔍 How to Verify
Check if Vulnerable:
Check the plugin version under WordPress admin panel → Plugins → Super Store Finder. If the version is below 6.9.8, you are vulnerable.
Check Version:
wp plugin get superstorefinder-wp --field=version
Verify Fix Applied:
Verify plugin version shows 6.9.8 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual database queries in WordPress or database logs
- Multiple failed login attempts or unusual user activity
- Error logs showing SQL syntax errors
Network Indicators:
- HTTP requests with SQL injection payloads to plugin endpoints
- Unusual outbound database connections
SIEM Query:
source="wordpress.log" AND ("superstorefinder" OR "store-finder") AND ("union select" OR "sleep(" OR "benchmark(" OR "' OR '1'='1")
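As an added example (not part of this advisory), the same plugin markers and injection patterns from the SIEM query above applied to web-server access-log lines after URL-decoding, which a raw substring query would miss for percent-encoded or double-encoded payloads. The combined log format, the sample log lines, and the `superstorefinder-wp/example.php` path are constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Markers and patterns taken from the advisory's SIEM query.
PLUGIN_MARKERS = ("superstorefinder", "store-finder")
SQLI_PATTERNS = ("union select", "sleep(", "benchmark(", "' or '1'='1")

# Assumed combined log format: ip ident user [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)


def normalise(path):
    """URL-decode twice (to unwrap double encoding) and lowercase for matching."""
    return unquote_plus(unquote_plus(path)).lower()


def is_suspicious(line):
    """Return a finding dict when a plugin request carries a known SQLi pattern, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalise(m.group("path"))
    # Scope to plugin traffic only, mirroring the AND in the SIEM query.
    if not any(marker in path for marker in PLUGIN_MARKERS):
        return None
    hits = [p for p in SQLI_PATTERNS if p in path]
    if not hits:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"),
            "path": m.group("path"), "patterns": hits}


def scan(lines):
    """Run the check over an iterable of log lines and collect findings."""
    return [r for r in (is_suspicious(l) for l in lines) if r]


# Constructed sample log: encoded UNION, benign lookup, SQLi outside the plugin, double-encoded tautology.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /wp-content/plugins/superstorefinder-wp/example.php?q=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:13:56:01 +0000] "GET /wp-content/plugins/superstorefinder-wp/example.php?lat=51.5&lng=-0.12 HTTP/1.1" 200 2048',
    '192.0.2.9 - - [10/Oct/2024:13:57:12 +0000] "GET /index.php?s=1%27+AND+SLEEP(5)-- HTTP/1.1" 200 100',
    '203.0.113.5 - - [10/Oct/2024:13:58:40 +0000] "POST /wp-content/plugins/superstorefinder-wp/example.php?id=%2527%2520OR%2520%25271%2527%253D%25271 HTTP/1.1" 500 80',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs only expose query strings, so parameters sent in POST bodies need WAF or application-level logging to be caught the same way.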