cvedb.io
CVE-2024-3265
MEDIUM · CVSS 4.7
EPSS exploitation probability: 0%
Published 2024-04-25T22:15:09.043 · Last modified 2026-06-17T07:43:38.883

Summary

The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations.

Affected products

advance_search_project — advance_search

Does this affect you?

Add your gear to cvedb and we'll alert you only when advance_search_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.