๐Ÿ” CVE Alert

CVE-2026-12753

HIGH 7.5

Advance Product Search- Voice & Ajax Search for WooCommerce <= 1.4.4 - Unauthenticated SQL Injection via 's' and 'match' Parameter

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CWE CWE-89
Vendor themehunk
Product advance product search- voice & ajax search for woocommerce
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for themehunk advance product search- voice & ajax search for woocommerce

Be the first to know when new high vulnerabilities affecting themehunk advance product search- voice & ajax search for woocommerce are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

themehunk / Advance Product Search- Voice & Ajax Search for WooCommerce
0 โ‰ค 1.4.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/4aa8342f-1f36-4eb5-8b69-ab90fd85e5cb?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L125 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L86 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/th-advance-product-search/tags/1.4.4/inc/thaps-function.php#L34 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?reponame=&old=3582785%40th-advance-product-search&new=3582785%40th-advance-product-search

Credits

PRISM