WordPress Plugin Vulnerabilities

Ajax Search Pro < 4.19 - Subscriber+ SQL Injection

Description

The plugin does not properly escape user input as it gets into an SQL query in certain AJAX actions.

Proof of Concept

Affects Plugins

Plugin icon
ajax-search-pro
Fixed in 4.19

References

URL
https://changelog.ajaxsearchpro.com/#4.19-2020-08.03

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Submitter
Chris Grello
Verified
Yes
WPVDB ID
2c04d49a-d9e1-4913-a9d8-4042b6547ae7

Timeline

Publicly Published
2020-08-03 (about 5 years ago)
Added
2023-03-30 (about 3 years ago)
Last Updated
2023-03-30 (about 3 years ago)

Other

Published
Title
Published
2025-06-05
Title
ShortLinks Pro < 1.0.8 - Authenticated (Administrator+) SQL Injection
Published
2025-04-04
Title
Daisycon prijsvergelijkers < 4.9.0 - Contributor+ SQL Injection
Published
2022-03-08
Title
WP Block and Stop Bad Bots < 6.88 - Unauthenticated SQLi
Published
2025-10-02
Title
WPRecovery <= 2.0 - Unauthenticated SQL Injection to Arbitrary File Deletion
Published
2021-10-11
Title
WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection