CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form.

Configurations

Configuration 1

cpe:2.3:a:ivorysearch:ivory_search:*:*:*:*:*:wordpress:*:*

History

11 Sep 2024, 16:32

| Type | Values Removed | Values Added |
|---|---|---|
| First Time | | Ivorysearch ivory Search; Ivorysearch |
| CPE | | cpe:2.3:a:ivorysearch:ivory_search:\*:\*:\*:\*:\*:wordpress:\*:\* |
| CWE | | NVD-CWE-noinfo |
| References | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/class-is-ajax.php#L45 - | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/class-is-ajax.php#L45 - Product |
| References | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/partials/is-ajax-results.php#L57 - | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/partials/is-ajax-results.php#L57 - Product |
| References | () https://plugins.trac.wordpress.org/changeset/3145289/ - | () https://plugins.trac.wordpress.org/changeset/3145289/ - Patch |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=cve - | () https://www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=cve - Third Party Advisory |

05 Sep 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) El complemento Ivory Search – WordPress Search Plugin para WordPress es vulnerable a la exposición de información en todas las versiones hasta la 5.5.6 incluida a través de la función ajax_load_posts. Esto permite que atacantes no autenticados extraigan datos de texto de publicaciones protegidas con contraseña mediante el ataque basado en booleanos en el formulario de búsqueda AJAX.

05 Sep 2024, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-05 07:15

Updated : 2024-09-11 16:32


NVD link : CVE-2024-6835

Mitre link : CVE-2024-6835

CVE.ORG link : CVE-2024-6835


Products Affected

ivorysearch

  • ivory_search

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor