GHSA-84gh-g786-5g5wHighCVSS 8.2
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers...
🔗 CVE IDs covered (1)
📋 Description
WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.