PT-2026-60399 · WordPress · Advance Product Search- Voice & Ajax Search For Woocommerce

Prism

·

Published

2026-07-16

·

Updated

2026-07-16

·

CVE-2026-12753

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Advance Product Search- Voice & Ajax Search for WooCommerce versions prior to 1.4.5
Description An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escaping of user-supplied parameters and a lack of sufficient preparation of the SQL query. The flaw is triggered via the 's' and match parameters in the search functionality.
Recommendations Update Advance Product Search- Voice & Ajax Search for WooCommerce to version 1.4.5 or later. As a temporary mitigation, restrict access to the search functionality that utilizes the s and match parameters.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-12753

Affected Products

Advance Product Search- Voice & Ajax Search For Woocommerce