CVE-2018-25434— WP AutoSuggest 0.24 SQL Injection via autosuggest.php

CVSS 8.2 · High Updated Jun 02, 2026

Possible ATT&CK Techniques 2AI

T1005 · Data from Local System T1190 · Exploit Public-Facing Application

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-25434

AIGC Shenlong Model
NVD (National Vulnerability Database)

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

WP AutoSuggest 0.24 SQL Injection via autosuggest.php

Source: NVD (National Vulnerability Database)

Vulnerability Description

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas_keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas_keys values to extract sensitive database information from WordPress posts and other tables.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Source: NVD (National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
eliekhoury	WP AutoSuggest	0.24	-

II. Public POCs for CVE-2018-25434

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-25434

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same weakness: CWE-89

V. Comments for CVE-2018-25434

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-25434— WP AutoSuggest 0.24 SQL Injection via autosuggest.php

Possible ATT&CK Techniques 2AI

I. Basic Information for CVE-2018-25434

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-25434

III. Intelligence Information for CVE-2018-25434

Vendor Advisories for CVE-2018-25434 (1)

Security Blog Posts for CVE-2018-25434 (1)

Vendor Pages for CVE-2018-25434 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2018-25434

Leave a comment