The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site’s server, with arbitrary content.
Technical Review
After we checked the directory , we found file named sendMail.php that have no restriction from accessing to public.
Source code
The unrestricted file allow user to create an email from crafted html form.
Impact
This vulnerability is classified as medium risk. The attacker could craft an arbitrary content to perform social engineering attack to gain information from the victims.
