Filtered by vendor Ajax Search Project
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5853 | 1 Ajax Search Project | 1 Ajax Search | 2024-08-06 | N/A |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. | ||||
| CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2024-08-03 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite pluginĀ <= 4.10.3 versions. | ||||
| CVE-2023-1435 | 1 Ajax Search Project | 1 Ajax Search | 2024-08-02 | 6.1 Medium |
| The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-1420 | 1 Ajax Search Project | 1 Ajax Search | 2024-08-02 | 6.1 Medium |
| The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
Page 1 of 1.