Filtered by vendor Ajax Search Project Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1435 1 Ajax Search Project 1 Ajax Search 2024-11-21 6.1 Medium
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-1420 1 Ajax Search Project 1 Ajax Search 2024-11-21 6.1 Medium
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-38456 1 Ajax Search Project 1 Ajax Search 2024-11-21 4.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite pluginĀ <= 4.10.3 versions.
CVE-2012-5853 1 Ajax Search Project 1 Ajax Search 2024-11-21 N/A
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
CVE-2024-7084 1 Ajax Search Project 1 Ajax Search 2024-11-01 4.8 Medium
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.