CVE-2024-47350

Name of the Vulnerable Software and Affected Versions YITH WooCommerce Ajax Search versions 2.8.0 and earlier

Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks, potentially enabling remote attacks on systems using the YITH WooCommerce Ajax Search plugin. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For YITH WooCommerce Ajax Search versions 2.8.0 and earlier, update to a version later than 2.8.0 to resolve the SQL Injection issue. As a temporary workaround, consider restricting access to sensitive data and closely monitoring system activity for signs of potential breaches until a patch is applied.