{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/wp-autosuggest/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25434"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["WP AutoSuggest"],"_cs_severities":["high"],"_cs_tags":["sql-injection","wordpress","cve-2018-25434"],"_cs_type":"threat","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eWP AutoSuggest 0.24 is vulnerable to SQL injection. An unauthenticated attacker can send a specially crafted GET request to the \u003ccode\u003eautosuggest.php\u003c/code\u003e endpoint, injecting malicious SQL code into the \u003ccode\u003ewpas_keys\u003c/code\u003e parameter. This can lead to the execution of arbitrary SQL queries, potentially allowing the attacker to read sensitive data from the WordPress database. The vulnerability was reported in CVE-2018-25434 and has a CVSS v3.1 score of 8.2, indicating a high severity due to the potential for unauthorized data access. This issue poses a significant risk to WordPress sites using the WP AutoSuggest plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a WordPress site using WP AutoSuggest version 0.24.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003eautosuggest.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003ewpas_keys\u003c/code\u003e parameter of the GET request.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request, passing the malicious SQL code to the database query without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe database executes the attacker-controlled SQL query.\u003c/li\u003e\n\u003cli\u003eSensitive information, such as user credentials or post content, is extracted from the database.\u003c/li\u003e\n\u003cli\u003eThe extracted data is returned to the attacker in the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the obtained information for further malicious activities, such as account takeover or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25434) allows an unauthenticated attacker to execute arbitrary SQL queries on the affected WordPress database. This can lead to the disclosure of sensitive information, including user credentials, database configurations, and content of WordPress posts. The number of potential victims is dependent on the number of WordPress sites running the vulnerable WP AutoSuggest plugin version 0.24. If successful, an attacker can gain complete control over the WordPress site\u0026rsquo;s data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WP AutoSuggest plugin to a version that addresses the SQL injection vulnerability (CVE-2018-25434).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2018-25434 Exploitation — WP AutoSuggest SQL Injection Attempt\u0026rdquo; to your SIEM and tune it for your environment.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious GET requests to \u003ccode\u003eautosuggest.php\u003c/code\u003e containing potentially malicious SQL code in the \u003ccode\u003ewpas_keys\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:18:49Z","date_published":"2026-06-01T22:18:49Z","id":"https://feed.craftedsignal.io/briefs/2026-06-wp-autosuggest-sql-injection/","summary":"WP AutoSuggest version 0.24 contains an SQL injection vulnerability that allows an unauthenticated attacker to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter via GET requests to autosuggest.php, potentially extracting sensitive database information.","title":"WP AutoSuggest 0.24 SQL Injection Vulnerability (CVE-2018-25434)","url":"https://feed.craftedsignal.io/briefs/2026-06-wp-autosuggest-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — WP AutoSuggest","version":"https://jsonfeed.org/version/1.1"}