CVE-2018-25434

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas keys values to extract sensitive database information from WordPress posts and other tables.