CVE-2014-8621

SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt