Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Unauthenticated remote SQLi (AV:N/AC:L/PR:N/UI:N) primarily enabling database read (C:H); I/A set to N as evidence points to data disclosure, and scope kept Unchanged absent clear cross-authority impact.
Primary rating from Vendor (patchstack).
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.
AnalysisAI
Unauthenticated SQL injection in the WordPress "Advance Product Search" plugin (slug th-advance-product-search) through version 1.4.4 lets remote attackers inject crafted SQL via a search-facing parameter without any login. Because the CVSS vector marks privileges as none (PR:N) and a scope change (S:C), an attacker can reach and read backend database content reachable from the plugin's queries. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the vulnerable Advance Product Search plugin (<= 1.4.4) is installed and active on a publicly reachable WordPress site, and that the attacker reaches its search request parameter - the injection point per the SQLi tag and CWE-89. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are partly conflicting and partly missing. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker scans the internet for WordPress sites running the Advance Product Search plugin and sends a crafted request to its search endpoint with a malicious SQL payload in a search parameter. Because no authentication is required, the injected query executes against the WordPress database and the attacker exfiltrates sensitive data such as user records, password hashes, or session/option secrets. … |
| Remediation | No vendor-released patched version is identified in the available data, so the specific fix release cannot be cited; consult the Patchstack advisory (https://patchstack.com/database/wordpress/plugin/th-advance-product-search/vulnerability/wordpress-advance-product-search-plugin-1-4-4-sql-injection-vulnerability) and the plugin's WordPress.org/vendor page for the first release above 1.4.4 and upgrade once confirmed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress instances running Advance Product Search plugin and immediately disable and remove it; check web server logs for suspicious SQL-like query patterns targeting the search parameter. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39723
GHSA-h8f9-g796-676q