VYPR

Advanced Woo Search

by WordPress

CVEs (8)

  • CVE-2025-2302, Med, Mar 26, 2025
    risk 0.42, cvss 6.4, epss 0.00

    The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aws_search_terms shortcode in all versions up to, and including, 3.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-0251, Med, Jan 13, 2024
    risk 0.40, cvss 6.1, epss 0.00

    The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to…

  • CVE-2023-2452, Med, Jun 9, 2023
    risk 0.29, cvss 4.4, epss 0.01

    The Advanced Woo Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-9796, Oct 10, 2024
    risk 0.07, cvss (not listed), epss 0.03

    The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

  • CVE-2024-10554, Mar 25, 2025
    risk 0.00, cvss (not listed), epss 0.00

    The WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for…

  • CVE-2024-3265, Apr 25, 2024
    risk 0.00, cvss (not listed), epss 0.00

    The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of multisite WordPress configurations.

  • CVE-2024-2739, Apr 15, 2024
    risk 0.00, cvss (not listed), epss 0.00

    The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

  • CVE-2020-12070, Apr 24, 2020
    risk 0.00, cvss (not listed), epss 0.02

    The Advanced Woo Search plugin through version 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.