VYPR

Advanced Woo Search

by Advanced Woo Search

CVEs (7)

  • CVE-2025-2302 · Med · Mar 26, 2025
    risk 0.42 · cvss 6.4 · epss 0.00

    The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-0251 · Med · Jan 13, 2024
    risk 0.40 · cvss 6.1 · epss 0.00

    The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2023-2452 · Med · Jun 9, 2023
    risk 0.29 · cvss 4.4 · epss 0.01

    The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-9796 · Oct 10, 2024
    risk 0.07 · cvss n/a · epss 0.03

    The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

  • CVE-2024-2739 · Apr 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

  • CVE-2022-47447 · May 24, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.

  • CVE-2020-12104 · May 5, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation.