2 matches found
CVE-2024-10568 Ajax Search Lite < 4.12.4 - Admin+ Stored XSS
The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10568
CVE-2024-10568 affects the WordPress plugin “Ajax Search Lite – Live Search & Filter” (versions before 4.12.4). The issue arises from improper sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even if unfiltered_html is disallow...