SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink id: CVE-2022-2535 info: name: SearchWP Live Ajax Search 1.6.2 -...

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24417: OpenSTAManager has a Time-Based Blind SQL Inje...

EUVD-2026-14150

The Task Manager plugin for WordPress is vulnerable to arbitrary shortcode execution via the 'search' AJAX action in all versions up to, and including, 3.0.2. This is due to missing capability checks in the callbacksearch function and insufficient input validation that allows shortcode syntax...

CVE-2026-4004

CVE-2026-4004 affects the WordPress Task Manager plugin up to version 3.0.2. The vulnerability stems from missing capability checks in the callback_search() function and insufficient input validation that lets shortcode syntax (square brackets) pass through sanitize_text_field() and be concatenat...

CVE-2025-14742

The WP Recipe Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajaxsearchrecipes' and 'ajaxgetrecipe' functions in all versions up to, and including, 10.2.3. This makes it possible for authenticated attackers, with Subscriber-level...

GHSA-4HC4-8599-XH2H OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service

Summary Critical Time-Based Blind SQL Injection vulnerability affecting multiple search modules in OpenSTAManager v2.9.8 allows authenticated attackers to extract sensitive database contents including password hashes, customer data, and financial records through time-based Boolean inference attac...

WordPress YITH WooCommerce Ajax Search plugin < 2.7.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by John Castro in WordPress Plugin YITH WooCommerce Ajax Search versions 2.7.1...

CVE-2020-12070

The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php...

CVE-2025-1116

A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/livesearch/module/livesearch.searchresults. The manipulation of the argument...

CVE-2025-13215

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

CVE-2025-13215

CVE-2025-13215 : Information exposure in WordPress plugin “Shortcodes and extra features for Phlox theme” allows unauthenticated users to view draft post titles via auxels_ajax_search in all versions up to 2.17.13. Patch released in 2.17.13 (remediation noted). Base CVSS 3.1/3.1 vector indicates ...

CVE-2025-13215 Shortcodes and extra features for Phlox theme <= 2.17.13 - Unauthenticated Draft Posts Information Exposure

The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.17.13 via the auxelsajaxsearch due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

CVE-2025-48086

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through = 4.13.3...

CVE-2025-48086

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through = 4.13.3...

CVE-2025-48086 WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through = 4.13.3...

EUVD-2025-38020

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through = 4.13.3...

CVE-2025-48086

CVE-2025-48086 affects Ajax Search Lite (WordPress plugin)

CVE-2025-48086 WordPress Ajax Search Lite plugin <= 4.13.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through = 4.13.3...

WordPress plugin Ajax Search Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...