Wojciech Jezowski

**Name of the Vulnerable Software and Affected Versions** WP-Advanced-Search versions prior to 3.3.9.2 **Description** The issue arises from the failure to sanitize and escape the `t` parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. This vulnerability can be exploited by users without authentication, posing a significant risk to the security and integrity of the site's data. **Recommendations** For WP-Advanced-Search versions prior to 3.3.9.2, update to version 3.3.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugin until the update is applied. Avoid using the `t` parameter in SQL statements until the issue is resolved.