{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/advance-product-search--voice--ajax-search-for-woocommerce-plugin--1.4.4/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-12753"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Advance Product Search- Voice \u0026 Ajax Search for WooCommerce plugin (\u003c= 1.4.4)"],"_cs_severities":["high"],"_cs_tags":["wordpress","woocommerce","sql-injection","web-vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe National Vulnerability Database (NVD) has released an advisory for CVE-2026-12753, detailing a high-severity SQL Injection vulnerability within the \u0026quot;Advance Product Search- Voice \u0026amp; Ajax Search for WooCommerce\u0026quot; plugin for WordPress. This flaw impacts all plugin versions up to and including 1.4.4. The root cause is attributed to insufficient escaping of user-supplied data in the 's' and 'match' parameters, coupled with inadequate preparation of existing SQL queries. This critical vulnerability allows unauthenticated attackers to inject arbitrary SQL queries, leading to the extraction of sensitive information from the underlying WordPress database. The vulnerability carries a CVSS v3.1 base score of 7.5, emphasizing the urgent need for mitigation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends a specially crafted HTTP GET or POST request to a WordPress site utilizing the vulnerable \u0026quot;Advance Product Search- Voice \u0026amp; Ajax Search for WooCommerce\u0026quot; plugin.\u003c/li\u003e\n\u003cli\u003eThe malicious request targets plugin functionalities that process the 's' or 'match' parameters, often via AJAX endpoints like \u003ccode\u003e/wp-admin/admin-ajax.php\u003c/code\u003e or specific plugin search URLs.\u003c/li\u003e\n\u003cli\u003eThe attacker embeds SQL injection payloads, such as \u003ccode\u003e' UNION SELECT user(), database() -- -\u003c/code\u003e or \u003ccode\u003e' OR 1=1 -- -\u003c/code\u003e, within the 's' or 'match' parameter values.\u003c/li\u003e\n\u003cli\u003eDue to the plugin's insufficient input sanitization and improper handling of SQL queries, the injected malicious payload is directly concatenated and executed as part of the legitimate SQL query.\u003c/li\u003e\n\u003cli\u003eThe database processes the combined, attacker-controlled SQL query.\u003c/li\u003e\n\u003cli\u003eThe database's response, containing data potentially extracted by the attacker's query (e.g., database version, user hashes, sensitive customer information), is returned to the web server.\u003c/li\u003e\n\u003cli\u003eThe WordPress application then includes these database query results within its HTTP response, allowing the unauthenticated attacker to view or retrieve the sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-12753 enables unauthenticated attackers to achieve full database compromise of the affected WordPress site. This can lead to the exfiltration of highly sensitive data, including customer personal identifiable information (PII), payment details (if stored), user account credentials (usernames and hashed passwords for administrators and regular users), and any other proprietary business data stored in the database. Such a breach can result in severe financial penalties, significant reputational damage, loss of customer trust, and potential regulatory non-compliance, severely impacting the affected organization.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-12753 immediately by updating the \u0026quot;Advance Product Search- Voice \u0026amp; Ajax Search for WooCommerce\u0026quot; plugin to a version greater than 1.4.4.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detects CVE-2026-12753 Exploitation - WordPress WooCommerce Plugin SQLi\u0026quot; to your SIEM solution to detect attempts to exploit this vulnerability.\u003c/li\u003e\n\u003cli\u003eConfigure web server logging (log source: \u003ccode\u003ewebserver\u003c/code\u003e category) to capture full HTTP request details, including \u003ccode\u003ecs-uri-query\u003c/code\u003e, and monitor for suspicious patterns indicative of SQL injection payloads.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-16T04:19:25Z","date_published":"2026-07-16T04:19:25Z","id":"https://feed.craftedsignal.io/briefs/2026-07-wordpress-woo-sqli/","summary":"A SQL Injection vulnerability, CVE-2026-12753, has been identified in the Advance Product Search- Voice \u0026 Ajax Search for WooCommerce plugin for WordPress, affecting all versions up to and including 1.4.4. The flaw, caused by insufficient input sanitization of the 's' and 'match' parameters and inadequate SQL query preparation, allows unauthenticated attackers to append arbitrary SQL queries. This enables them to extract sensitive information directly from the database.","title":"SQL Injection Vulnerability in WordPress WooCommerce Advanced Product Search Plugin (CVE-2026-12753)","url":"https://feed.craftedsignal.io/briefs/2026-07-wordpress-woo-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed - Advance Product Search- Voice \u0026 Ajax Search for WooCommerce Plugin (\u003c= 1.4.4)","version":"https://jsonfeed.org/version/1.1"}