cleantalk
Vulnerabilities and Security Researches

WordPress WP-Advanced-Search, CVE-2024-9796

CVE, Research URL

CVE-2024-9796

Home page URL

Security reports for WordPress WP-Advanced-Search

Application

WordPress WP-Advanced-Search

Published on
Oct 10, 2024
Research Description
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Affected versions
max 3.3.9.2.
Status
vulnerable
Previous vulnerability researches
WordPress WP-Advanced-Search (CVE-2024-9796) , Oct 12, 2024
WordPress WP-Advanced-Search (CVE-2024-10554) , Mar 27, 2025
WordPress WP-Advanced-Search (CVE-2020-12104) , Jun 07, 2024
WordPress WP-Advanced-Search (CVE-2022-47447) , Jun 07, 2024
WordPress WP-Advanced-Search (CVE-2025-39538) , Apr 18, 2025
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025