4 matches found
CVE-2023-1435
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1435 Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1435
CVE-2023-1435 affects Ajax Search Pro for WordPress prior to v4.26.2. The vulnerability is a Reflected Cross-Site Scripting caused by insufficient sanitization/escaping of input parameters before echoing them back in pages, enabling an attacker to target high-privilege users (e.g., admins). Publi...
WordPress Ajax Search Pro Plugin < 4.26.2 is vulnerable to Cross Site Scripting (XSS)
Software Ajax Search Pro Type Plugin Vulnerable versions 4.26.2 Fixed in 4.26.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1435 Patch priority High CVSS severity High 6.1 Developer Claim ownership PSID 019181a32a8a Credits Erwan LR Required...