SQL Injection Vulnerability in Advance Product Search for WooCommerce Plugin
CVE-2026-12753
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-12753?
The Advance Product Search - Voice & Ajax Search for WooCommerce plugin for WordPress has a vulnerability that allows unauthenticated users to execute SQL Injection attacks. This is due to insufficient escaping of user-supplied input in the 's' and 'match' parameters, combined with the inadequate preparation of SQL queries. An attacker could manipulate these parameters to append malicious SQL statements, potentially exposing sensitive data from the database.
Affected Version(s)
Advance Product Search- Voice & Ajax Search for WooCommerce 0 <= 1.4.4