26 matches found
CVE-2020-12070
The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php...
EUVD-2020-4386
Malware in sbrugna...
CVE-2025-2302
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's awssearchterms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Advanced Woo Search 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-2302 Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's awssearchterms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-2302 Advanced Woo Search <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's awssearchterms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-2302
CVE-2025-2302 affects the Advanced Woo Search WordPress plugin. It is vulnerable to a Stored Cross-Site Scripting (XSS) via the aws_search_terms shortcode in all versions up to and including 3.28, caused by insufficient input sanitization and output escaping of user-supplied attributes. This allo...
WordPress Advanced Woo Search plugin <= 3.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via aws_search_terms Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via awssearchterms Shortcode vulnerability discovered by yudha in WordPress Plugin Advanced Woo Search versions = 3.28...
Advanced Woo Search < 2.97 - Reflected Cross-Site Scripting
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WordPress Advanced Woo Search Plugin <= 2.96 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Woo Search Type Plugin Vulnerable versions = 2.96 Fixed in 2.97 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0251 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e1f5b4bb7cdb Credits Artem Guzhva...
CVE-2024-0251
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-0251 Advanced Woo Search <= 2.96 - Reflected Cross-Site Scripting
The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Plugin Advanced Woo Search Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15412 · WordPress · Wp-Advanced-Search +1
Name of the Vulnerable Software and Affected Versions: Advanced Woo Search plugin for WordPress versions up to, and including, 2.96 Description: The issue is related to Reflected Cross-Site Scripting via the search parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2023-2452
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2023-2452
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2023-2452 Advanced Woo Search <= 2.77 - Authenticated (Admin+) Stored Cross-Site Scripting
The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2023-2452
CVE-2023-2452 affects the WordPress plugin Advanced Woo Search (versions ≤ 2.77). It is a stored XSS in admin settings exploitable by authenticated admins (Administrator+), with impact on multi-site installs and where unfiltered_html is disabled. The issue is due to insufficient input sanitizatio...
WordPress Plugin Advanced Woo Search 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Advanced Woo Search Plugin <= 2.77 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Woo Search Type Plugin Vulnerable versions = 2.77 Fixed in 2.78 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2452 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2bde54a18d9f Credits Ivan Kuzymchak Require...