CVE-2020-12104
HIGHwp-advanced-search < 3.3.7 - Authenticated SQL Injection via Import Feature
Title source: llmDescription
The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.
References (2)
Core 2
Core References
Product, Third Party Advisory x_refsource_misc
https://wordpress.org/plugins/wp-advanced-search/#developers
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/10199
Scores
CVSS v3
8.8
EPSS
0.0160
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
internet-formation/wp-advanced-search
< 3.3.7
Published
May 05, 2020
Tracked Since
Feb 18, 2026