Skip to main content

Advance Product Search CVE-2026-56070

| EUVDEUVD-2026-39723 CRITICAL
SQL Injection (CWE-89)
2026-06-26 audit@patchstack.com GHSA-h8f9-g796-676q
9.3
CVSS 3.1 · Vendor: patchstack
Share

Severity by source

Vendor (patchstack) PRIMARY
9.3 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
vuln.today AI
7.5 HIGH

Unauthenticated remote SQLi (AV:N/AC:L/PR:N/UI:N) primarily enabling database read (C:H); I/A set to N as evidence points to data disclosure, and scope kept Unchanged absent clear cross-authority impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (patchstack).

CVSS VectorVendor: patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 26, 2026 - 15:56 vuln.today

DescriptionCVE.org

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.

AnalysisAI

Unauthenticated SQL injection in the WordPress "Advance Product Search" plugin (slug th-advance-product-search) through version 1.4.4 lets remote attackers inject crafted SQL via a search-facing parameter without any login. Because the CVSS vector marks privileges as none (PR:N) and a scope change (S:C), an attacker can reach and read backend database content reachable from the plugin's queries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Scan for sites running the plugin
Exploit
Send crafted search request with SQL payload
Execution
Injection executes in WordPress database query
Impact
Exfiltrate user and option data

Vulnerability AssessmentAI

Exploitation Exploitation requires that the vulnerable Advance Product Search plugin (<= 1.4.4) is installed and active on a publicly reachable WordPress site, and that the attacker reaches its search request parameter - the injection point per the SQLi tag and CWE-89. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are partly conflicting and partly missing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker scans the internet for WordPress sites running the Advance Product Search plugin and sends a crafted request to its search endpoint with a malicious SQL payload in a search parameter. Because no authentication is required, the injected query executes against the WordPress database and the attacker exfiltrates sensitive data such as user records, password hashes, or session/option secrets. …
Remediation No vendor-released patched version is identified in the available data, so the specific fix release cannot be cited; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/th-advance-product-search/vulnerability/wordpress-advance-product-search-plugin-1-4-4-sql-injection-vulnerability) and the plugin's WordPress.org/vendor page for the first release above 1.4.4 and upgrade once confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all WordPress instances running Advance Product Search plugin and immediately disable and remove it; check web server logs for suspicious SQL-like query patterns targeting the search parameter. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56070 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy