CVE-2023-1420

🗓️ 24 Apr 2023 18:30:49Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 72 Views🌐 WEB

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 is susceptible to Reflected Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2023-1420	24 Apr 202322:19	–	circl
CNNVD	WordPress plugin Ajax Search Lite 跨站脚本漏洞	24 Apr 202300:00	–	cnnvd
Cvelist	CVE-2023-1420 Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting	24 Apr 202318:30	–	cvelist
EUVD	EUVD-2023-23673	3 Oct 202520:07	–	euvd
NVD	CVE-2023-1420	24 Apr 202319:15	–	nvd
OSV	CVE-2023-1420	24 Apr 202319:15	–	osv
Patchstack	WordPress Ajax Search Lite Plugin <= 4.11 is vulnerable to Cross Site Scripting (XSS)	5 Apr 202300:00	–	patchstack
Patchstack	WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS)	5 Apr 202300:00	–	patchstack
Prion	Cross site scripting	24 Apr 202319:15	–	prion
RedhatCVE	CVE-2023-1420	23 May 202502:32	–	redhatcve

NVD

Vulners

Node

wp-dreams ajax_searchRange<4.11.1litewordpress

wp-dreams ajax_searchRange<4.26.2prowordpress

[
  {
    "vendor": "Unknown",
    "product": "Ajax Search Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.11.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  },
  {
    "vendor": "Unknown",
    "product": "Ajax Search Pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "4.26.2"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f

Parameter	Position	Path	Description	CWE
wd_phrase	request body	wp-admin/admin-ajax.php	Reflected Cross-Site Scripting via unsanitised/unstescapeds parameter echoed in AJAX response	CWE-79
wd_args	request body	wp-admin/admin-ajax.php	Reflected Cross-Site Scripting via unsanitised/unstescapeds parameter echoed in AJAX response	CWE-79

18 Mar 2025 15:21Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

EPSS0.00199

SSVC