PT-2024-24743 · WordPress · Advanced Search
Fourcade · Published 2024-04-25 · Updated 2024-07-03 · CVE-2024-3265
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Advanced Search WordPress plugin versions 1.1.6 and earlier
Description
The issue allows users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configuration due to improper escaping of parameters appended to an SQL query.
Recommendations
For Advanced Search WordPress plugin versions 1.1.6 and earlier, update to a version that properly escapes parameters appended to SQL queries to prevent SQL Injection attacks.
Exploit
Fix
SQL injection
Affected Products
Advanced Search