The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
History

Tue, 18 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Wp-dreams
Wp-dreams ajax Search
CPEs cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:lite:wordpress:*:*
cpe:2.3:a:ajax_search_project:ajax_search:*:*:*:*:pro:wordpress:*:*
cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:lite:wordpress:*:*
cpe:2.3:a:wp-dreams:ajax_search:*:*:*:*:pro:wordpress:*:*
Vendors & Products Ajax Search Project
Ajax Search Project ajax Search
Wp-dreams
Wp-dreams ajax Search

Tue, 04 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2025-02-04T18:43:06.967Z

Reserved: 2023-03-15T16:23:23.134Z

Link: CVE-2023-1420

cve-icon Vulnrichment

Updated: 2024-08-02T05:49:11.402Z

cve-icon NVD

Status : Modified

Published: 2023-04-24T19:15:09.487

Modified: 2025-03-18T15:21:33.470

Link: CVE-2023-1420

cve-icon Redhat

No data.