Vendor: WP AutoSuggest
By: Kaimi
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: WP AutoSuggest
Affected Version From: 0.24
Affected Version To: 0.24
Patch Exists: YES
Related CWE: N/A
CPE: a:wordpress:wp-autosuggest
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2018
WP AutoSuggest 0.24 – SQL Injection
WP AutoSuggest 0.24 is vulnerable to SQL injection through the 'wpas_keys' parameter of the 'autosuggest.php' file. An attacker can exploit this vulnerability, for example with a tool such as sqlmap, to inject malicious SQL queries and gain access to the database.
Mitigation:
Upgrade to the latest version of WP AutoSuggest, which is not vulnerable to this attack.