CVE-2024-9796

Name of the Vulnerable Software and Affected Versions WP-Advanced-Search versions prior to 3.3.9.2

Description The issue arises from the failure to sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. This vulnerability can be exploited by users without authentication, posing a significant risk to the security and integrity of the site's data.

Recommendations For WP-Advanced-Search versions prior to 3.3.9.2, update to version 3.3.9.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable plugin until the update is applied. Avoid using the t parameter in SQL statements until the issue is resolved.