Ngoc Nguyen

**Name of the Vulnerable Software and Affected Versions** Astra Pro Addon WordPress plugin versions prior to 3.5.2 **Description** The issue arises from the improper sanitization or escaping of certain POST parameters from the `astra pagination infinite` and `astra shop pagination infinite` AJAX actions, which are accessible to both unauthenticated and authenticated users. This leads to SQL injection issues when these parameters are used in SQL statements. **Recommendations** For versions prior to 3.5.2, update to version 3.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `astra pagination infinite` and `astra shop pagination infinite` AJAX actions to minimize the risk of exploitation.