History: Aug 15, 2022 - 11:21 a.m.

CVE-2022-2535

2022-08-15 11:21:28
CWE-639
web.nvd.nist.gov
cve-2022-2535
searchwp live
ajax search
wordpress
security vulnerability
unauthenticated access
private posts

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.002 Low
Percentile: 57.6%

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink.

Affected configurations

Node
Vendor: searchwp
Product: searchwp_live_ajax_search
Range: <1.6.2

Vendor: searchwp
Product: searchwp_live_ajax_search
Version: *
CPE: cpe:2.3:a:searchwp:searchwp_live_ajax_search:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SearchWP Live Ajax Search",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.6.2",
        "status": "affected",
        "version": "1.6.2",
        "versionType": "custom"
      }
    ]
  }
]
