Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 03 Jun 2026 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Eliekhoury
Eliekhoury wp Autosuggest Wordpress Wordpress wordpress |
|
| Vendors & Products |
Eliekhoury
Eliekhoury wp Autosuggest Wordpress Wordpress wordpress |
Tue, 02 Jun 2026 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 01 Jun 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables. | |
| Title | WP AutoSuggest 0.24 SQL Injection via autosuggest.php | |
| First Time appeared |
What3words
What3words autosuggest |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:what3words:autosuggest:0.24:*:*:*:*:*:*:* | |
| Vendors & Products |
What3words
What3words autosuggest |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-06-02T15:49:20.062Z
Reserved: 2026-06-01T11:54:21.342Z
Link: CVE-2018-25434
Updated: 2026-06-02T15:49:15.436Z
Status : Deferred
Published: 2026-06-01T22:16:16.860
Modified: 2026-06-02T14:43:49.920
Link: CVE-2018-25434
No data.
OpenCVE Enrichment
Updated: 2026-06-02T20:52:28Z