Lucene search
+L

27 matches found

Patchstack
Patchstack
added 2021/11/02 12:0 a.m.11 views

WordPress Ivory Search plugin <= 4.7 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Authenticated Persistent Cross-Site Scripting XSS vulnerability discovered in WordPress Ivory Search plugin versions = 4.7. Solution Update to the latest available version at least 4.7.1...

2.3AI score
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/10/21 8:18 p.m.4 views

CVE-2021-36869 WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability in WordPress Ivory Search plugin versions = 4.6.6. Vulnerable parameter: &post...

4.8CVSS5.7AI score0.00731EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/10/21 8:18 p.m.25 views

CVE-2021-36869 WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability in WordPress Ivory Search plugin versions = 4.6.6. Vulnerable parameter: &post...

4.8CVSS6.2AI score0.00731EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/10/01 12:0 a.m.16 views

Ivory Search < 4.7 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. The data parameter was also affected, although it was not reported. PoC...

6.1CVSS0.1AI score0.00731EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2021/04/28 12:0 a.m.7 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2021-44303)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Ivory Search WordPress plugin versions prior to...

6.1CVSS5.8AI score0.01173EPSS
Exploits2References1
OSV
OSV
added 2021/04/22 9:15 p.m.5 views

CVE-2021-24234

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to...

6.1CVSS5.8AI score0.01173EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/04/22 12:0 a.m.7 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Ivory Search WordPress plugin versions prior to...

6.1CVSS5.3AI score0.01173EPSS
Exploits2References4
Rows per page
Query Builder