Super Store Finder
CVE-2023-41508
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.
AnalysisAI
A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. Affected products include: Superstorefinder Super Store Finder.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.
More in Super Store Finder
View allSuper Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote C
Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /a
A vulnerability was found in Super Store Finder 3.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all v
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versi
Same weakness CWE-798 – Use of Hard-coded Credentials
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today