CVE-2020-12104

HIGH

wp-advanced-search < 3.3.7 - Authenticated SQL Injection via Import Feature

Title source: llm
STIX 2.1

Description

The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.

References (2)

Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/wp-advanced-search/#developers
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10199

Scores

CVSS v3 8.8
EPSS 0.0160
EPSS Percentile 73.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
internet-formation/wp-advanced-search < 3.3.7
Published May 05, 2020
Tracked Since Feb 18, 2026