Filtered by vendor Ajax Search Project
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-1435 | 1 Ajax Search Project | 1 Ajax Search | 2024-11-21 | N/A | 6.1 MEDIUM |
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2023-1420 | 1 Ajax Search Project | 1 Ajax Search | 2024-11-21 | N/A | 6.1 MEDIUM |
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2024-11-21 | N/A | 4.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. | |||||
CVE-2012-5853 | 1 Ajax Search Project | 1 Ajax Search | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. |