Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

CVE-2026-24938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

CVE-2026-24938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

CVE-2026-24938

CVE-2026-24938 affects the WordPress plugin Better Search (versions through 4.2.1). The issue is an improper neutralization of input during web page generation, leading to Stored Cross-Site Scripting (XSS). Affected component: Better Search plugin for WordPress; root cause: input is not properly ...

EUVD-2026-5309

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

CVE-2026-24938 WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

CVE-2026-24938

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

CVE-2026-24938 WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows Stored XSS.This issue affects Better Search: from n/a through = 4.2.1...

WordPress plugin Better Search 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-6215

Name of the Vulnerable Software and Affected Versions Ajay Better Search versions through 4.2.1 Description The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting XSS. This could allow an attacker to inject...

WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin Better Search versions = 4.2.1...

EUVD-2019-5833

Malware in sbrugna...

EUVD-2025-13817

Malicious code in bioql PyPI...

EUVD-2021-34200

Malicious code in bioql PyPI...

EUVD-2024-26178

Malicious code in bioql PyPI...

CVE-2022-2593

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks...

CVE-2019-14682

The acf-better-search aka ACF: Better Search plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbsadminpage CSRF...

CVE-2025-47507

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows DOM-Based XSS.This issue affects Better Search: from n/a through = 4.1.0...

CVE-2025-47507

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ajay Better Search better-search allows DOM-Based XSS.This issue affects Better Search: from n/a through = 4.1.0...

CVE-2025-47507

CVE-2025-47507 affects WordPress plugin Better Search (versions ≤ 4.1.0). It describes a DOM-based XSS due to improper neutralization of input during web page generation. Affected product/versions: Better Search for WordPress, from n/a through 4.1.0. Impact details are limited to the XSS class as...