Product
A SQL Injection vulnerability, CVE-2026-12753, has been identified in the Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress, affecting all versions up to and including 1.4.4. The flaw, caused by insufficient input sanitization of the 's' and 'match' parameters and inadequate SQL query preparation, allows unauthenticated attackers to append arbitrary SQL queries. This enables them to extract sensitive information directly from the database.