WordPress Plugin Vulnerabilities

WP Advanced Search < 3.3.6 - Unauthenticated SQL Injection

Description

The plugin uses string concatenation, allows direct access to a vulnerable PHP file, and does not follow best practices for coding SQL operations. As a result, there is an unauthenticated SQL injection in autocompletion-PHP5.5.php.

After a month of trying to contact the Plugin author (Twitter, email), we followed generally accepted disclosure guidelines.

Edit (WPScanTeam):
April 1st, 2020 - Report received & Escalated to WP Plugins Team
April 1st, 2020 - WP Plugin Team Investigating & Plugin closed
April 2nd, 2020 - Disclosing
April 3rd, 2020 - v3.3.6 released, fixing the issue
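
The three root causes named in the description (direct file access, string concatenation, no parameterised SQL), shown as a defensive pattern for a WordPress autocomplete endpoint. This is an added example, not the plugin's code or its 3.3.6 fix: the handler name `my_autocomplete`, the `q` parameter and the query against post titles are assumptions for illustration.

```php
<?php
// Hypothetical autocomplete endpoint; not the plugin's actual code.

// 1. Block direct requests: this file only runs when loaded by WordPress.
defined( 'ABSPATH' ) || exit;

// 2. Route requests through admin-ajax.php instead of a standalone PHP file.
//    The nopriv hook keeps autocomplete available to logged-out visitors.
add_action( 'wp_ajax_my_autocomplete', 'my_autocomplete' );
add_action( 'wp_ajax_nopriv_my_autocomplete', 'my_autocomplete' );

function my_autocomplete() {
    global $wpdb;

    // Assumed parameter name "q"; normalise and bound the input.
    $term = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    if ( '' === $term || strlen( $term ) > 100 ) {
        wp_send_json( array() ); // sends the response and terminates
    }

    // Pattern to avoid (request value becomes part of the SQL text):
    //   $wpdb->get_col( "SELECT post_title FROM {$wpdb->posts}
    //                    WHERE post_title LIKE '" . $_GET['q'] . "%'" );

    // 3. Parameterised query: esc_like() escapes LIKE wildcards (% and _),
    //    prepare() binds the value so it cannot alter the statement.
    $like = $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish' AND post_title LIKE %s
         ORDER BY post_title LIMIT 10",
        $like
    );

    wp_send_json( $wpdb->get_col( $sql ) );
}
```

The `ABSPATH` guard and the `prepare()` call address different causes; either one alone leaves part of the problem described above in place.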

Affects Plugins

Fixed in 3.3.6

Classification

Type
SQLI
OWASP top 10
CWE

Miscellaneous

Original Researcher
Teamwork
Submitter twitter
Verified
No

Timeline

Publicly Published
2020-04-02 (about 6 years ago)
Added
2020-04-02 (about 6 years ago)
Last Updated
2020-04-10 (about 6 years ago)