Lucene search

[email protected]NVD:CVE-2024-6835

HistorySep 05, 2024 - 7:15 a.m.

CVE-2024-6835

2024-09-0507:15:02

CWE-200

[email protected]

web.nvd.nist.gov

wordpress

information exposure

ajax vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.0%

JSON

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form

Affected configurations

Nvd

Node

ivorysearchivory_searchRange<5.5.7wordpress

VendorProductVersionCPE
ivorysearchivory_search*cpe:2.3:a:ivorysearch:ivory_search:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
ivorysearch	ivory_search	*	cpe:2.3:a:ivorysearch:ivory_search::::::wordpress::*

References

plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/class-is-ajax.php#L45

plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/partials/is-ajax-results.php#L57

plugins.trac.wordpress.org/changeset/3145289/

www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=cve

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

21.0%

JSON

Related for NVD:CVE-2024-6835

vulnrichment1 cve1 cvelist1 wordfence1