CVE-2021-38348

Name of the Vulnerable Software and Affected Versions Advance Search WordPress plugin versions up to and including 1.1.2

Description The issue allows attackers to inject arbitrary web scripts via the wpas id parameter in the ~/inc/admin/views/html-advance-search-admin-options.php file, enabling Reflected Cross-Site Scripting attacks.

Recommendations For versions up to and including 1.1.2, update to a version later than 1.1.2 to resolve the issue. As a temporary workaround, consider restricting access to the wpas id parameter in the affected file until a patch is available.