CVE-2012-5853 Information

Description

SQL injection vulnerability in the \the_search_function\ function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a \the_search_text\ action to wp-admin/admin-ajax.php.

Reference

http://seclists.org/bugtraq/2012/Nov/33 https://wordpress.org/plugins/cardoza-ajax-search/changelog/