PT-2026-60399 · WordPress · Advance Product Search- Voice & Ajax Search For Woocommerce
Prism
·
Published
2026-07-16
·
Updated
2026-07-16
·
CVE-2026-12753
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Advance Product Search- Voice & Ajax Search for WooCommerce versions prior to 1.4.5
Description
An issue exists where unauthenticated attackers can append additional SQL queries to existing ones to extract sensitive information from the database. This occurs due to insufficient escaping of user-supplied parameters and a lack of sufficient preparation of the SQL query. The flaw is triggered via the 's' and
match parameters in the search functionality.Recommendations
Update Advance Product Search- Voice & Ajax Search for WooCommerce to version 1.4.5 or later.
As a temporary mitigation, restrict access to the search functionality that utilizes the
s and match parameters.Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Advance Product Search- Voice & Ajax Search For Woocommerce