SQL Injection Vulnerability in Advance Product Search for WooCommerce Plugin
CVE-2026-12753

7.5HIGH

What is CVE-2026-12753?

The Advance Product Search - Voice & Ajax Search for WooCommerce plugin for WordPress has a vulnerability that allows unauthenticated users to execute SQL Injection attacks. This is due to insufficient escaping of user-supplied input in the 's' and 'match' parameters, combined with the inadequate preparation of SQL queries. An attacker could manipulate these parameters to append malicious SQL statements, potentially exposing sensitive data from the database.

Affected Version(s)

Advance Product Search- Voice & Ajax Search for WooCommerce 0 <= 1.4.4

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.