The vulnerability CVE-2024-43976 in highwarden Super Store Finder (<= 6.9.7) is an SQL Injection issue caused by improper neutralization of special elements in SQL commands. It allows remote attackers to execute unauthorized SQL queries without authentication. The CVSS 3.1 score is 9.3 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L), indicating network attack vector, low attack complexity, no privileges or user interaction required, with a scope change and high confidentiality impact but no integrity impact and low availability impact. The vulnerability is published and tracked but no patch or fix links are currently available. The product is not a cloud service, so remediation depends on vendor patching or user updates.

An unauthenticated remote attacker can exploit this SQL Injection vulnerability to execute arbitrary SQL commands on the affected system's database. This can lead to a complete compromise of confidentiality by exposing sensitive data. The integrity of the database is not directly impacted, and availability impact is low. The vulnerability affects all installations of Super Store Finder up to version 6.9.7. No known active exploitation has been reported yet.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is currently documented, users should monitor the vendor's communications for updates. Until a patch is available, consider restricting access to the affected plugin or applying web application firewall (WAF) rules to detect and block SQL injection attempts specific to this plugin.