30 matches found

Patchstack
added 2026/01/07 3:34 p.m. | 3 views

WordPress FiboSearch plugin <= 1.32.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by PPzzAArr in WordPress Plugin FiboSearch versions <= 1.32.1...

7.5 CVSS | 5.4 AI score | 0.00063 EPSS
Exploits 0 | Affected Software 1

RedhatCVE
added 2025/12/21 9:12 a.m. | 3 views

CVE-2025-14298

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's thegem_te_search shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

5.4 CVSS | 5 AI score | 0.00031 EPSS
Exploits 0 | References 1

CVE
added 2025/12/20 8:22 a.m. | 11 views

CVE-2025-14298

CVE-2025-14298 (FiboSearch – Ajax Search for WooCommerce) stores cross-site scripting via thegem_te_search shortcode in all versions up to 1.32.0. Exploitation requires TheGem Theme (premium) with Header Builder mode and FiboSearch’s "Replace search bars" option enabled for TheGem integration. Th...

5.4 CVSS | 4.7 AI score | 0.00031 EPSS
Exploits 0 | References 5

Positive Technologies
added 2025/12/20 12:0 a.m. | 3 views

PT-2025-52549

Name of the Vulnerable Software and Affected Versions: FiboSearch – Ajax Search for WooCommerce plugin for WordPress versions prior to 1.32.1. Description: The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate...

5.4 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits 0 | References 10

CNNVD
added 2025/12/20 12:0 a.m. | 2 views

WordPress plugin FiboSearch cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

5.4 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits 0 | References 6

Patchstack
added 2025/12/19 11:5 p.m. | 6 views

WordPress FiboSearch – Ajax Search for WooCommerce plugin <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode vulnerability discovered by zaim in WordPress Plugin FiboSearch versions <= 1.32.0...

5.4 CVSS | 5.5 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-33935

Malicious code in bioql PyPI...

4.4 CVSS | 6.2 AI score | 0.00156 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-24772

Malicious code in bioql PyPI...

4.8 CVSS | 5 AI score | 0.00225 EPSS
Exploits 2 | References 1

RedhatCVE
added 2025/05/23 1:50 a.m. | 4 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/23 1:11 a.m. | 6 views

CVE-2022-1469

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...

4.8 CVSS | 5.6 AI score | 0.00225 EPSS
Exploits 2 | References 1

Patchstack
added 2023/07/18 12:0 a.m. | 8 views

WordPress FiboSearch – Ajax Search for WooCommerce Plugin < 1.25.0 is vulnerable to Cross Site Scripting (XSS)

Software: FiboSearch – Ajax Search for WooCommerce; Type: Plugin; Vulnerable versions: < 1.25.0; Fixed in: 1.25.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 17e225437595; Credits: Rafie...

6.9 AI score
Exploits 0 | References 3 | Affected Software 1

OpenVAS
added 2023/06/15 12:0 a.m. | 14 views

WordPress FiboSearch Plugin < 1.24.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fibosearch:fibosearch"; if description...

4.4 CVSS | 7 AI score | 0.00156 EPSS
Exploits 0 | References 1

Patchstack
added 2023/06/12 12:0 a.m. | 12 views

WordPress FiboSearch – Ajax Search for WooCommerce Plugin <= 1.23.0 is vulnerable to Cross Site Scripting (XSS)

Software: FiboSearch – Ajax Search for WooCommerce; Type: Plugin; Vulnerable versions: <= 1.23.0; Fixed in: 1.24.0; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2450; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 1e16f85faf8c; Credi...

4.4 CVSS | 6 AI score | 0.00156 EPSS
Exploits 0 | References 3 | Affected Software 1

Prion
added 2023/06/09 6:16 a.m. | 7 views

Cross site scripting

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

3.2 CVSS | 4.4 AI score | 0.00156 EPSS
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2023/06/09 5:33 a.m. | 9 views

CVE-2023-2450

The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4 CVSS | 5.8 AI score | 0.00156 EPSS
Exploits 0 | References 3

CVE
added 2023/06/09 5:33 a.m. | 29 views

CVE-2023-2450

CVE-2023-2450 applies to the WordPress plugin FiboSearch – Ajax Search for WooCommerce. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings, affecting versions up to and including 1.23.0 due to insufficient input sanitization and output escaping. Impact requires authenticate...

4.4 CVSS | 4.5 AI score | 0.00156 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2023/06/09 12:0 a.m. | 2 views

WordPress Plugin FiboSearch - AJAX Search for WooCommerce cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.4 CVSS | 6.3 AI score | 0.00156 EPSS
Exploits 0 | References 4

WPVulnDB
added 2023/06/08 12:0 a.m. | 15 views

FiboSearch - AJAX Search for WooCommerce < 1.24.0 - Admin+ Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in admin settings, leading to a Stored Cross-Site Scripting vulnerability in affected pages for multi-site installations and instances where unfiltered_html is disabled...

4.4 CVSS | 5.9 AI score | 0.00156 EPSS
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2023/04/21 12:0 a.m. | 9 views

WordPress FiboSearch Plugin < 1.17.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:fibosearch:fibosearch"; if description...

4.8 CVSS | 5.3 AI score | 0.00225 EPSS
Exploits 2 | References 1

CNVD
added 2022/06/13 12:0 a.m. | 20 views

WordPress FiboSearch plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress FiboSearch plugin version prior to 1.17.0 has a cross-site scripting vulnerability that ste...

4.8 CVSS | 1.2 AI score | 0.00225 EPSS
Exploits 2 | References 1