WordPress Plugin Vulnerabilities

Better Search 2.2.2 - Unauthenticated SQL Injection

Description

The Better Search WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.

Affects Plugins

Plugin icon
better-search
Fixed in 2.2.3

References

URL
https://plugins.trac.wordpress.org/changeset/2053714/better-search

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
10.0 (critical)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
798826a2-5564-4be8-9c5b-2c52d9d2851b

Timeline

Publicly Published
2019-03-15 (about 7 years ago)
Added
2019-03-19 (about 7 years ago)
Last Updated
2021-02-12 (about 5 years ago)

Other

Published
Title
Published
2023-01-17
Title
Simple URLs < 115 - Subscriber+ SQLi
Published
2022-02-01
Title
Page Views Count < 2.4.15 - Unauthenticated SQL Injection
Published
2025-04-23
Title
ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes < 1.5.0 - Authenticated (Subscriber+) SQL Injection
Published
2005-01-06
Title
WordPress 1.5 & 1.5.1.1 - SQL Injection
Published
2024-05-27
Title
Push Notification for Post and BuddyPress <=1.93 - Multiple Unauthenticated SQLi