CVE-2018-25434 WP AutoSuggest 0.24 SQL Injection via autosuggest.php

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...

WordPress AutoSuggest 0.24 SQL Injection

Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code: if isset$GET'wpaskeys' $wpaskeys =...

WordPress Plugin AutoSuggest 0.24 - wpas_keys SQL Injection

WordPress Plugin AutoSuggest 0.24 - wpaskeys SQL Injection Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File:...