The YITH WooCommerce Ajax Search plugin versions up to 2.8.0 contain an SQL Injection vulnerability (CVE-2024-47350) due to improper neutralization of special elements in SQL commands. This vulnerability allows remote attackers to inject malicious SQL code without authentication or user interaction, potentially compromising database confidentiality and causing limited availability impact. The CVSS 3.1 score is 9.3 (critical), reflecting the ease of exploitation and potential impact. No patch or official remediation details are currently provided, and no known exploits have been observed in the wild.

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the affected system's database. This can lead to unauthorized disclosure of sensitive information (high confidentiality impact) and minor disruption of service (low availability impact). The integrity impact is not indicated, suggesting data modification or destruction is not confirmed. The vulnerability is exploitable over the network with low complexity and no privileges or user interaction required.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling or removing the affected plugin version to prevent exploitation. Monitor official YITHEMES communications for updates and apply patches promptly once available.