Super Store Finder v3.6 and below exists to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php.
superstorefinder super store finder