SQL Injection Vulnerability in Advanced Search WordPress Plugin
CVE-2024-3265

Currently unrated

Key Information:

Vendor: Wordpress
Status: Advance Search
Vendor: CVE Published:; 25 April 2024

What is CVE-2024-3265?

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

References

https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2024

Wordpress

What is CVE-2024-3265?

References

Timeline