Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

WP-Advanced-Search

Source -

CNA

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2025-39538
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-6.6||MEDIUM
EPSS-0.34% / 56.41%
||
7 Day CHG~0.00%
Published-16 Apr, 2025 | 12:45
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-Advanced-Search plugin <= 3.3.9.4 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search wp-advanced-search allows Upload a Web Shell to a Web Server.This issue affects WP-Advanced-Search: from n/a through <= 3.3.9.4.

Action-Not Available
Vendor-Mathieu Chartier
Product-WP-Advanced-Search
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-9796
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.9||MEDIUM
EPSS-83.12% / 99.27%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 07:38
Updated-15 Oct, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

Action-Not Available
Vendor-internet-formationUnknownwp-advanced-search_project
Product-wp-advanced-searchWP-Advanced-Searchwp-advanced-search
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')