CVE-2024-7084 Ajax Search Lite < 4.12.1 - Admin+ Stored XSS

2024-08-0606:00:07

WPScan

www.cve.org

ajax search lite

wordpress

plugin

4.12.1

admin+ stored

xss

cross-site scripting

attacks

EPSS

Percentile

9.5%

JSON

The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Ajax Search Lite",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.12.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/0d38bf4d-de6a-49f8-be69-fa483fa61bb7/

EPSS

Percentile

9.5%

JSON

Related for CVELIST:CVE-2024-7084