CVE-2012-5853

Name of the Vulnerable Software and Affected Versions AJAX Post Search (cardoza-ajax-search) plugin versions prior to 1.3

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the srch txt parameter in a "the search text" action to the /wp-admin/admin-ajax.php API endpoint, specifically targeting the the search function function in cardoza ajax search.php.

Recommendations For versions prior to 1.3, update to version 1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the the search function function in cardoza ajax search.php until the update is applied. Avoid using the srch txt parameter in the affected API endpoint until the issue is resolved.