24 matches found
CVE-2026-1053
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
PT-2026-5081
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2021-11148
Malware in sbrugna...
EUVD-2021-12017
Malware in sbrugna...
EUVD-2024-31825
Malicious code in bioql PyPI...
EUVD-2025-18481
Malicious code in bioql PyPI...
WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Que Thanh Tuan - Blue Rock in WordPress Plugin Ivory Search versions <= 5.5.12...
WordPress Ivory Search plugin < 5.5.10 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin Ivory Search versions < 5.5.10...
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-3233
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcreateindex function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-lev...
CVE-2021-24234
The Search Forms page of the Ivory Search WordPress plugin before 4.6.1 did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when opening a maliciously crafted link as a high privilege user. Knowledge of a form id is required to...
CVE-2024-6835
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajaxloadposts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the...
WordPress Ivory Search Plugin <= 5.5.5 is vulnerable to Broken Access Control
Software: Ivory Search; Type: Plugin; Vulnerable versions: <= 5.5.5; Fixed in: 5.5.6; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-3233; Patch priority: Low; CVSS severity: Low (4.3); PSID: 5ff3a7d3e493; Credits: Thura Moe Myint mgthuramoemyint...
Ivory Search < 5.4.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. When the plugin displays the usage notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...
CVE-2021-25105
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress Ivory Search plugin <= 4.7 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Ivory Search plugin versions <= 4.7. Solution: Update to the latest available version, at least 4.7.1...
CVE-2021-36869 WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin versions <= 4.6.6. Vulnerable parameter: &post...