SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ajax search project ajax search |
Vulmon