Wp Fast Total Search
Monthly
SQL injection in the WP Fast Total Search (fulltext-search) WordPress plugin by epsiloncool affects all versions up to and including 1.80.280, letting unauthenticated remote attackers inject arbitrary SQL into backend queries (CWE-89). Because the CVSS vector uses PR:N/UI:N with a scope change, exploitation needs no login or user interaction and can reach data beyond the plugin's own tables. No public exploit was identified at time of analysis; the issue was reported through Patchstack and carries a critical 9.3 base score.
SQL injection in the WP Fast Total Search (fulltext-search) WordPress plugin by epsiloncool affects all versions up to and including 1.80.280, letting unauthenticated remote attackers inject arbitrary SQL into backend queries (CWE-89). Because the CVSS vector uses PR:N/UI:N with a scope change, exploitation needs no login or user interaction and can reach data beyond the plugin's own tables. No public exploit was identified at time of analysis; the issue was reported through Patchstack and carries a critical 9.3 base score.