WordPress Plugin Vulnerabilities

WP AutoSuggest 0.24 - Unauthenticated SQL Injection

Description

The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-autosuggest
No known fix

References

Exploitdb
45977

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Original Researcher
Kaimi
Submitter
Javier Casares
Submitter website
https://www.javiercasares.com/
Submitter twitter
JavierCasares
Verified
Yes
WPVDB ID
01d2cea9-46ba-4d89-9fe9-056917f7a7f8

Timeline

Publicly Published
2018-12-11 (about 7 years ago)
Added
2019-01-07 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-09-22
Title
Wp tabber widget <= 4.0 - Authenticated (Contributor+) SQL Injection
Published
2025-11-12
Title
0 Day Analytics < 4.1.0 - Authenticated (Administrator+) SQL Injection
Published
2026-03-17
Title
SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection
Published
2015-12-17
Title
Welcart e-Commerce < 1.5.3 - SQL Injection
Published
2023-07-24
Title
Quasar form <= 6.1 - Subscriber+ SQLi