CVE-2024-3265

2024-04-2522:15:09

[email protected]

web.nvd.nist.gov

wordpress

advanced search

sql injection

multisite configuration

9.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

Affected configurations

Vulners

Node

advanced-woo-searchadvanced_woo_searchRange≤1.1.6

VendorProductVersionCPE
advanced\-woo\-searchadvanced_woo_search*cpe:2.3:a:advanced\-woo\-search:advanced_woo_search:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
advanced\-woo\-search	advanced_woo_search	*	cpe:2.3:a:advanced\-woo\-search:advanced_woo_search::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Advanced Search",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.1.6"
      }
    ],
    "defaultStatus": "affected"
  }
]