Description
WordPress Plugin Ajax Search Pro is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently insert a new user with administrative privileges. WordPress Plugin Ajax Search Pro version 3.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.0 or latest
References
http://research.evex.pw/?vuln=9
http://packetstormsecurity.com/files/130955/WordPress-Ajax-Search-Pro-Remote-Code-Execution.html
Related Vulnerabilities
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000362)
Drupal Core 9.3.x Security Bypass (9.3.0 - 9.3.13)
PHP Other Vulnerability (CVE-2002-0986)
Oracle JRE CVE-2013-2400 Vulnerability (CVE-2013-2400)
WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.14.0.2)