Internet-Formation: >> Wp-Advanced-Search >> 3.3.7 Security Vulnerabilities
The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
3.5
EPSS Score
0.0
Published
2025-03-25
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVSS Score
9.8
EPSS Score
0.74
Published
2024-10-10
Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-05-24