Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:1 a.m.6 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS6.7AI score0.01464EPSS
Exploits2References1
NVD
NVD
added 2022/08/15 11:21 a.m.27 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3CVSS0.01464EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/08/15 8:38 a.m.28 views

CVE-2022-2535 SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.5AI score0.01464EPSS
Exploits2References1
CVE
CVE
added 2022/08/15 8:38 a.m.94 views

CVE-2022-2535

The vulnerability CVE-2022-2535 affects WordPress plugin SearchWP Live Ajax Search (versions before 1.6.2). The root cause is that live search queries do not restrict results to published posts, allowing unauthenticated users to disclose private/draft/pending post titles and their permalinks thro...

5.3CVSS5.2AI score0.01464EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder