Wp-advanced-search Security Vulnerabilities and Issues — Wp-advanced-search CVE List

Lucene search

Internet-formationWp-advanced-search

4 matches found

CVE•added 2020/05/05 3:15 p.m.•76 views

CVE-2020-12104

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.

8.8CVSS9AI score0.00623EPSS

CVE•added 2023/05/24 5:15 p.m.•46 views

CVE-2022-47447

Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin

8.8CVSS6.5AI score0.0006EPSS

CVE•added 2024/10/10 8:15 a.m.•43 views

CVE-2024-9796

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

9.8CVSS9.8AI score0.74048EPSS

CVE•added 2025/03/25 6:15 a.m.•40 views

CVE-2024-10554

The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...

3.5CVSS5.8AI score0.00036EPSS