Executive Summary

CVE-2026-9062 is a vulnerability in the Agile Store Locator WordPress plugin versions before 1.6.9. It occurs because the plugin does not properly validate a parameter used in file paths within certain AJAX handlers. This flaw allows authenticated administrators to perform a path traversal attack, enabling them to read arbitrary PHP files on the server.

Specifically, attackers can send a crafted request to the admin-ajax.php endpoint with a manipulated 'section' parameter that points to sensitive files such as wp-config.php, which contains database credentials and authentication keys. The contents of the targeted file are then returned in the JSON response.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have serious impacts because it allows high-privileged users, like administrators, to read sensitive PHP files on the server. Accessing files such as wp-config.php can expose database credentials and authentication keys.

With this information, an attacker could potentially compromise the database, escalate privileges, or further exploit the system, leading to data breaches or loss of control over the website.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending a crafted request to the WordPress site's admin-ajax.php endpoint targeting the vulnerable plugin's AJAX handlers.

Specifically, an authenticated administrator can test for the vulnerability by sending a request with a manipulated 'section' parameter to the 'reset_custom_template' or 'load_custom_template' AJAX handlers.

If the server responds with the contents of arbitrary PHP files (such as wp-config.php) in the 'html' field of the JSON response, the vulnerability is present.

Example command using curl (assuming you have admin credentials and a valid authentication cookie or token):

• curl -X POST -d "action=reset_custom_template&section=../../../../wp-config.php" -b "cookie=YOUR_AUTH_COOKIE" https://yourwordpresssite.com/wp-admin/admin-ajax.php
• Check the JSON response for the 'html' field containing the contents of the targeted PHP file.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate and recommended mitigation step is to update the Agile Store Locator WordPress plugin to version 1.6.9 or later.

This update includes proper validation of the parameters used in the AJAX handlers, preventing path traversal attacks.

Until the update can be applied, restrict administrator access to trusted users only and monitor for suspicious requests to the admin-ajax.php endpoint.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows high-privileged users such as administrators to read arbitrary PHP files on the server, including sensitive configuration files containing database credentials and authentication keys.

Exposure of such sensitive information could lead to unauthorized access or data breaches, which may violate data protection regulations like GDPR or HIPAA that require safeguarding personal and sensitive data.

Therefore, if exploited, this vulnerability could compromise compliance with these standards by failing to adequately protect sensitive information.

Useful 0 Not Useful 0