Vulnerability Details CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2012-5853
-
cpe:2.3:a:vinojcardoza:ajax_post_search:1.0
-
cpe:2.3:a:vinojcardoza:ajax_post_search:1.1
-
cpe:2.3:a:vinojcardoza:ajax_post_search:1.2