Lucene search
WPScanCVELIST:CVE-2024-3265HistoryApr 25, 2024 - 9:25 p.m.
CVE-2024-3265 WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
2024-04-2521:25:07
WPScan
www.cve.org
wordpress
plugin
sql injection
administrator role
multisite configurations
The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Advanced Search",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.1.6"
}
],
"defaultStatus": "affected"
}
]Related
cve
cve
CVE-2024-3265
2024-04-25 22:15:09
wpvulndb
wpvulndb
WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
2024-04-04 00:00:00
wpexploit
wpexploit
WP Advanced Search <= 1.1.6 - Admin+ SQL Injection
2024-04-04 00:00:00
nvd
nvd
CVE-2024-3265
2024-04-25 22:15:09
fedora
fedora
[SECURITY] Fedora 39 Update: freerdp-2.11.7-1.fc39
2024-05-09 02:05:21
[SECURITY] Fedora 38 Update: freerdp-2.11.7-1.fc38
2024-05-09 01:49:12
[SECURITY] Fedora 40 Update: freerdp2-2.11.7-1.fc40
2024-05-09 01:41:53
wordfence
wordfence