Skip to main content

Advance Product Search CVE-2026-12753

| EUVDEUVD-2026-44857 HIGH
SQL Injection (CWE-89)
2026-07-16 Wordfence GHSA-88gq-qj38-4cpw
7.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (Wordfence) PRIMARY
HIGH
qualitative
NVD
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network-reachable AJAX endpoint (AV:N/AC:L/PR:N/UI:N) with read-only SQLi yielding high confidentiality loss but no integrity or availability impact (C:H/I:N/A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Wordfence).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 16, 2026 - 03:46 vuln.today
CVE Published
Jul 16, 2026 - 02:30 cve.org
HIGH 7.5

DescriptionNVD

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AnalysisAI

SQL injection in ThemeHunk's Advance Product Search - Voice & Ajax Search for WooCommerce plugin (all versions ≤ 1.4.4) lets unauthenticated attackers inject arbitrary SQL through the 's' and 'match' search parameters, enabling extraction of sensitive database contents such as user credentials and order data. The flaw stems from unescaped, unprepared query construction in the plugin's AJAX search backend and is remotely exploitable without authentication or user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate WordPress site running the plugin
Delivery
Craft SQL payload in 's'/'match' parameter
Exploit
Send request to AJAX search endpoint
Execution
Injected UNION query executes on database
Impact
Exfiltrate credentials and customer data

Vulnerability AssessmentAI

Exploitation Exploitation requires that the ThemeHunk Advance Product Search - Voice & Ajax Search for WooCommerce plugin (version ≤ 1.4.4) is installed and active on a WordPress/WooCommerce site, and that its AJAX/voice search endpoint accepting the 's' and 'match' parameters is reachable by the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, base 7.5) is internally consistent with the description: network-reachable, low-complexity, unauthenticated, no user interaction, with high confidentiality impact but no integrity or availability impact - matching a read-only data-exfiltration SQLi. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts an HTTP request to the store's AJAX product-search endpoint, placing a UNION-based SQL payload in the 's' or 'match' parameter. Because no authentication, privileges, or user interaction are required and complexity is low, the injected clause executes against the WordPress database and returns administrator password hashes, session data, or customer order details in the search response. …
Remediation Upgrade to a fixed release of the plugin above 1.4.4 as soon as one is confirmed by the vendor; a code fix is visible in the WordPress.org Trac changeset (https://plugins.trac.wordpress.org/changeset?reponame=&old=3582785%40th-advance-product-search&new=3582785%40th-advance-product-search), so an upstream fix is available but a released patched version is not independently confirmed from the provided data - verify the current version on the plugin page before deploying. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit all WordPress instances for ThemeHunk's Advance Product Search plugin version 1.4.4 or earlier and document current version status. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-12753 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy