PT-2020-13036 · WordPress · Wp-Advanced-Search
Published: 2020-05-05 · Updated: 2024-10-16 · CVE-2020-12104
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
wp-advanced-search plugin version 3.3.6
Description
The Import feature in the wp-advanced-search plugin is vulnerable to authenticated SQL injection via an uploaded .sql file. An authenticated attacker can use this to execute SQL commands, because the contents of the file are run without any validation.
Recommendations
To prevent authenticated SQL injection attacks against wp-advanced-search plugin version 3.3.6, consider disabling the Import feature until a patch is available. Restrict access to the plugin's upload functionality to minimize the risk of exploitation.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Wp-Advanced-Search