3 matches found
WordPress Ivory Search plugin < 5.5.10 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin Ivory Search versions 5.5.10...
CVE-2025-5209
The CVE-2025-5209 entry describes a stored XSS vulnerability in the WordPress Ivory Search plugin prior to version 5.5.10. The issue arises because the plugin does not sufficiently sanitize and escape certain settings, allowing high-privilege users (e.g., admins) to trigger cross-site scripting e...
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...