GHSA-84gh-g786-5g5wHighCVSS 8.2

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers...

Published
June 2, 2026
Last Modified
June 2, 2026

🔗 CVE IDs covered (1)

📋 Description

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.

🔗 References (6)