The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form
References
Configurations
History
11 Sep 2024, 16:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Ivorysearch ivory Search
Ivorysearch |
|
CPE | cpe:2.3:a:ivorysearch:ivory_search:*:*:*:*:*:wordpress:*:* | |
CWE | NVD-CWE-noinfo | |
References | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/class-is-ajax.php#L45 - Product | |
References | () https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/partials/is-ajax-results.php#L57 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3145289/ - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=cve - Third Party Advisory |
05 Sep 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Sep 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-05 07:15
Updated : 2024-09-11 16:32
NVD link : CVE-2024-6835
Mitre link : CVE-2024-6835
CVE.ORG link : CVE-2024-6835
JSON object : View
Products Affected
ivorysearch
- ivory_search
CWE