Volerion logoVolerion
Volerion logoVolerion

NotFound Store Locator Path Traversal Vulnerability Leading to Local File Inclusion

Vulnerability

A path traversal vulnerability has been identified in the NotFound Store Locator WordPress plugin, specifically in versions through 3.98.10. This vulnerability allows for PHP local file inclusion, where an attacker could exploit the path traversal flaw to include and execute local files on the server.

Impact

Exploitation of this vulnerability could lead to local file inclusion, allowing attackers to include and execute files from the server. This could potentially be used to access sensitive information, such as database credentials, and could result in a complete takeover of the database, depending on the server's configuration.

Remediation

Users are advised to update to a version of the NotFound Store Locator WordPress plugin that is not affected by this vulnerability. Patchstack has issued a virtual patch to mitigate this issue for its customers.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
5.2
impact
2.5
exploitability
7.6
remediation
0.0
relevance
0.0
threat
0.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.