cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for wp-advanced-search

Jun 07, 2024

WordPress WP-Advanced-Search # CVE-2020-12104

CVE, Research URL

CVE-2020-12104

Date
May 05, 2020
Research Description
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.
Affected versions
max 3.3.7.
Status
vulnerable

WordPress WP-Advanced-Search # CVE-2022-47447

CVE, Research URL

CVE-2022-47447

Date
May 24, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.
Affected versions
max 3.3.6.
Status
vulnerable
Oct 12, 2024

WordPress WP-Advanced-Search # CVE-2024-9796

CVE, Research URL

CVE-2024-9796

Date
Oct 10, 2024
Research Description
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Affected versions
max 3.3.9.2.
Status
vulnerable
Mar 27, 2025

WordPress WP-Advanced-Search # CVE-2024-10554

CVE, Research URL

CVE-2024-10554

Date
Mar 25, 2025
Research Description
The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 3.3.9.3.
Status
vulnerable
Apr 18, 2025

WordPress WP-Advanced-Search # CVE-2025-39538

CVE, Research URL

CVE-2025-39538

Date
Apr 16, 2025
Research Description
Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3.
Affected versions
max 3.3.9.3.
Status
vulnerable