Highwarden Super Store Finder Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in the Highwarden Super Store Finder WordPress plugin, affecting versions through 6.9.7. This vulnerability arises from improper control of filenames in include or require statements, allowing for the inclusion of local files from the target website. Such inclusion could be exploited to read files containing sensitive information, like database credentials, potentially leading to a complete takeover of the database, depending on the site's configuration.

Impact

Exploitation of this vulnerability could allow an attacker to include and execute local files on the server, with the possibility of accessing sensitive information such as database credentials. In some cases, this could lead to a full compromise of the database.

Remediation

Users of the Highwarden Super Store Finder WordPress plugin are advised to update to the latest version. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.