PT-2020-13023 · Woo · Wp-Advanced-Search

Published 2020-04-24 · Updated 2020-05-01 · CVE-2020-12070

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Advanced Woo Search plugin versions through 1.99

Description

The issue concerns a sensitive information disclosure problem. It occurs in every AJAX search request via the sql field to the includes/class-aws-search.php file.

Recommendations

For Advanced Woo Search plugin versions through 1.99, consider disabling the AJAX search functionality until a patch is available. Restrict access to the includes/class-aws-search.php file to minimize the risk of exploitation. Avoid using the sql field in AJAX search requests until the issue is resolved.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2020-12070

Affected Products

Wp-Advanced-Search