The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
https://wpscan.com/vulnerability/38939152-e54e-4f8f-996b-592de195570d/