CVE-2025-52720: 
WordPress vulnerability analysis and mitigation

The Super Store Finder WordPress plugin contains an SQL Injection vulnerability (CVE-2025-52720) affecting versions up to and including 7.5. This vulnerability was discovered on July 31, 2025, and allows unauthenticated attackers to perform SQL injection attacks due to insufficient escaping of user-supplied parameters and inadequate preparation of SQL queries (Rapid7, Patchstack).

The vulnerability has been assigned a CVSS v3 Base Score of 9.3 (Critical), with an Impact Score of 4.7 and Exploitability Score of 3.9. The attack vector is Network-based (AV:N), with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Changed (S:C), with High impact on Confidentiality (C:H), No impact on Integrity (I:N), and Low impact on Availability (A:L) (AttackerKB).

The vulnerability allows unauthenticated attackers to append additional SQL queries to existing queries, potentially leading to the extraction of sensitive information from the database. This could result in unauthorized access to confidential data stored within the WordPress installation (Rapid7).

Users are strongly advised to update to version 7.6 or later of the Super Store Finder plugin, which contains the fix for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).