Store Locator Plus® 5.9 Security Update Released (WordPress Plugin)

Store Locator Plus® 5.9 was released today for our WordPress plugin customers.   The update addresses several security concerns in the AJAX and REST libraries included with Store Locator Plus®.   Despite several articles being released prematurely from security companies in the WordPress market, we are unaware of any compromises to WordPress sites due to this vulnerability.

Unfortunately the folks that manage the WordPress plugin directory de-listed Store Locator Plus® almost immediately, despite our ongoing communication that we were working on patching the reported vulnerabilities.    As such, many of our WordPress plugin users are now unable to update the WordPress plugin to install the latest 5.9 release automatically from within their site dashboard.

Upgrading Store Locator Plus® On WordPress

Users that wish to upgrade to the latest 5.9 release will need to follow these steps until further notice:

  1. If you do not already have an account at WordPress.StoreLocatorPlus.com with the Store Locator Plus® base plugin as a prior purchase, you will need to purchase it.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click the Add To Cart Link
    3. Complete your purchase
  2. Login to your WordPress.StoreLocatorPlus.com account and download the base plugin.
    1. Go to https://wordpress.storelocatorplus.com/
    2. Click on My Account (top right of screen on the menu bar)
    3. Click on the Downloads entry on the account menu (top-middle of the page).
    4. Download Store Locator Plus®
  3. Deactivate and Delete Store Locator Plus® from your website plugins.   It will not remove your settings or locations.
    1. Login to your website as a site administrator.
    2. Go to plugins.
    3. Find the Store Locator Plus® plugin, hover over the entry on the plugin list.
    4. Deactivate the Store Locator Plus® plugin (this may deactivate your premium Store Locator Plus® add ons)
    5. Delete the Store Locator Plus® plugin.
  4. Upload and activate the updated 5.9 version of Store Locator Plus®.
    1. While staying logged in as an administrator on your site go to plugins.
    2. Click the Add New button.
    3. Click the Upload Plugin button next to the “Add Plugins” title.
    4. Select the Store Locator Plus® slp4.zip file you downloaded from our WordPress store.
    5. Go back to the main Plugins dashboard on your site, listing all plugins.
    6. Check off ALL the Store Locator Plus® plugins, including the newly-uploaded Store Locator Plus® base plugin and any premium add-ons you may have.
    7. From the menu on the top or bottom of the plugin list, choose “Activate” and click Apply.

For those that do not have an existing purchase of the Store Locator Plus® base plugin for WordPress and do NOT wish to purchase a copy from our store, you can wait until the folks that manage the WordPress plugin directory review our latest release and re-list it in the WordPress plugin store.  We are hoping this happens soon, but they are very busy and it could take up to a month for them to review our updates.

For Our SaaS Customers

For our customers using our SaaS service, none of this applies to you.  All security patches and updates are automatically provided as part of the service.   The security concerns in the self-managed WordPress plugin that are being discussed do not affect your site in any way.    SaaS users are not hosting data or access endpoints for AJAX or REST on their servers, and thus have no vulnerabilities like those discussed in the various Store Locator Plus® security bulletins.

 

2 comments on “Store Locator Map Center, Location Sensor, Address patches”

Store Locator Map Center, Location Sensor, Address patches

Store Locator Plus® 5.7 has been released to assist with several features available in the Professional and Enterprise packages of our SaaS product as well as features for the Power and Experience add-on packages for the WordPress plugin.

Location Sensor Refinements

The locations sensor is available for users of the Professional or Enterprise SaaS service.    For those using the legacy WordPress plugins the Power add on is required.     Keep in mind your site must be an https-based URL which will require you have an SSL certificate.

This patch enhances the consistency of location detection features where some combinations of settings were forcing the location sensor to enable when the feature was turned off.

This setting is found under Store Locator Plus® | General | User Interface.

Center Map

Setting the center of the map can happen several ways.  The default for all maps is to use the value stored under Store Locator Plus® | Settings | Map for Center Map At.

Store Locator Postal Code , City Address Format

Store Locator Plus® 5.2 brings a new search results shortcode to assist in proper formatting of European addresses — especially German addresses which list the postal code followed by the city.   Prior to the 5.2 release the standard shortcode was [slp_location city_state_zip] which displayed a standard US-format address with a comma between the city and state when warranted.

A new variation of the shortcode [slp_location zip_state_city] puts the zip (postal code) first followed by the state and city WITHOUT any commas.   The new shortcode goes in the Store Locator Plus® | Settings | Results Layout setting.     To swap the address format change the [slp_location city_state_zip] entry in the Results Layout setting with [slp_location zip_state_city].

In addition to the new layout option, the [slp_location city_state_zip] output was patched to ensure a space remains in place between city and postal code if the state is not set.

MySLP Users

Users of our My Store Locator Plus®  SaaS service will automatically receive this new feature  as our servers are updated.    That is one of they many benefits of having a monthly MySLP subscription — no more plugin updates or migration concerns.   As soon as the newest features have been tested and scanned for security issues we update our servers.    Your JavaScript embed code keeps on working, automatically getting the latest features.

If you wish to change your Results Layout setting you can login at the MySLP Dashboard.

WordPress Plugin Users

Users that opt to stay with our legacy Store Locator Plus® products, we are continuing to patch these self-managed/self-installed plugins.   You are responsible for making sure your WordPress account is backed-up prior to upgrading and will need to manage the installs on a site-by-site basis.

Remember, WordPress users are not required to upgrade to the MySLP SaaS subscription.   If you have purchased the WordPress plugins and want to check on what was ordered and what updates are available you should login at the WordPress Plugin Store.