Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2022-4297

Published: 02/01/2023 Updated: 07/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Netflixtech

Vulnerability Summary

The WP AutoComplete Search WordPress plugin up to and including 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection

Vulnerable Product Search on Vulmon Subscribe to Product

netflixtech wp autocomplete search

Exploits

Exploit DB: WordPress WP AutoComplete Search 1.0.4 SQL Injection
WordPress WP AutoComplete Search plugin versions 104 and below suffer from a remote SQL injection vulnerability ...

References

https://wpscan.com/vulnerability/e2dcc76c-65ac-4cd6-a5c9-6d813b5ac26dhttp://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/173293/WordPress-WP-AutoComplete-Search-1.0.4-SQL-Injection.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook