7 matches found

NVD
added 2025/12/20 9:15 a.m. · 3 views

CVE-2025-14298

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegem_te_search shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 5.4 · EPSS 0.00266 · Exploits 0 · References 5
Cvelist
added 2025/12/20 8:22 a.m. · 19 views

CVE-2025-14298 FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegem_te_search shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 5.4 · EPSS 0.00266 · Exploits 0 · References 5
Vulnrichment
added 2025/12/20 8:22 a.m. · 3 views

CVE-2025-14298 FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegem_te_search shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

CVSS 5.4 · AI score 4.7 · EPSS 0.00266 · Exploits 0 · References 5
OSV
added 2023/06/09 6:16 a.m. · 3 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 · AI score 7.3 · EPSS 0.0056 · Exploits 0 · References 3
ATTACKERKB
added 2023/06/09 6:16 a.m. · 2 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 4.4 · AI score 6.8 · EPSS 0.0056 · Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/06/09 12:0 a.m. · 5 views

PT-2023-19646 · WordPress · The Fibosearch - Ajax Search For Woocommerce

Name of the Vulnerable Software and Affected Versions: The FiboSearch - AJAX Search for WooCommerce plugin for WordPress versions up to, and including, 1.23.0

Description: The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated attackers...

CVSS 4.4 · AI score 5.2 · EPSS 0.0056 · Exploits 0 · References 5
OSV
added 2022/06/08 10:15 a.m. · 4 views

CVE-2022-1469

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...

CVSS 4.8 · AI score 5.8 · EPSS 0.00565 · Exploits 2 · References 1