{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3265", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-04-03T14:22:48.163Z", "datePublished": "2024-04-25T21:25:07.990Z", "dateUpdated": "2024-08-01T20:05:08.327Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-04-25T21:25:07.990Z"}, "title": "WP Advanced Search <= 1.1.6 - Admin+ SQL Injection", "problemTypes": [{"descriptions": [{"description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Advanced Search", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "1.1.6"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations."}], "references": [{"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "fourcade", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-3265", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:57:35.252338Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mndpsingh287:advanced_search:*:*:*:*:*:*:*:*"], "vendor": "mndpsingh287", "product": "advanced_search", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:33:12.146Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.327Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:08.327Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-3265", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T17:57:35.252338Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mndpsingh287:advanced_search:*:*:*:*:*:*:*:*"], "vendor": "mndpsingh287", "product": "advanced_search", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T17:59:51.935Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WP Advanced Search <= 1.1.6 - Admin+ SQL Injection", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "fourcade"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Advanced Search", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.6"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-04-25T21:25:07.990Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3265", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:08.327Z", "dateReserved": "2024-04-03T14:22:48.163Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-04-25T21:25:07.990Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advance_search_project:advance_search:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6584B1E0-B80E-46A4-8406-1E45694D0B23", "versionEndIncluding": "1.1.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Advanced Search WordPress plugin through 1.1.6 does not properly escape parameters appended to an SQL query, making it possible for users with the administrator role to conduct SQL Injection attacks in the context of a multisite WordPress configurations."}, {"lang": "es", "value": "El complemento Advanced Search de WordPres hasta la versi\u00f3n 1.1.6 no escapa correctamente a los par\u00e1metros agregados a una consulta SQL, lo que hace posible que los usuarios con funci\u00f3n de administrador realicen ataques de inyecci\u00f3n SQL en el contexto de configuraciones de WordPress multisitio."}], "id": "CVE-2024-3265", "lastModified": "2025-05-08T19:14:12.707", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-25T22:15:09.043", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/ecb74622-eeed-48b6-a944-4e3494d6594d/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}