Vulnerabilities (CVE)

Filtered by vendor Ajax Search Project Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-1435 1 Ajax Search Project 1 Ajax Search 2024-11-21 N/A 6.1 MEDIUM
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-1420 1 Ajax Search Project 1 Ajax Search 2024-11-21 N/A 6.1 MEDIUM
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-38456 1 Ajax Search Project 1 Ajax Search 2024-11-21 N/A 4.3 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite pluginĀ <= 4.10.3 versions.
CVE-2012-5853 1 Ajax Search Project 1 Ajax Search 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.