SQL Injection Vulnerability in wp-advanced-search Plugin for WordPress
CVE-2020-12104
8.8HIGH
What is CVE-2020-12104?
The wp-advanced-search plugin version 3.3.6 for WordPress contains a vulnerability in its import feature that allows authenticated users to perform SQL injection by uploading a malicious .sql file. This allows attackers to execute arbitrary SQL commands against the database without proper validation, posing significant security risks and potentially leading to unauthorized data access or manipulation.