Lucene search
K

95 matches found

NVD
NVD
added 2026/06/27 2:16 a.m.10 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS0.00251EPSS
Exploits0References10
CVE
CVE
added 2026/06/27 1:27 a.m.11 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability in the settings fields menu_title and menu_magnifier_color, affecting all versions up to and including 5.5.15. The root cause is insufficient input sanitization and output escaping....

4.4CVSS5.9AI score0.00251EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:27 a.m.8 views

CVE-2026-11356

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.9AI score0.00251EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.39 views

CVE-2026-11356 Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS0.00251EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/27 1:27 a.m.12 views

EUVD-2026-39931

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menutitle' and 'menumagnifiercolor' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for...

4.4CVSS5.9AI score0.00251EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.9 views

PT-2026-53038

Name of the Vulnerable Software and Affected Versions Ivory Search – WordPress Search Plugin versions prior to 5.5.16 Description Insufficient input sanitization and output escaping allow authenticated attackers with administrator-level access and above to perform Stored Cross-Site Scripting XSS...

4.4CVSS6AI score0.00251EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.8 views

WordPress Ivory Search – WordPress Search Plugin plugin <= 5.5.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Ivory Search versions = 5.5.8...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.14 views

CVE-2026-1053

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 9:15 a.m.10 views

CVE-2026-1053

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00261EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/28 8:26 a.m.4 views

CVE-2026-1053

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/01/28 8:26 a.m.4 views

CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References6
CVE
CVE
added 2026/01/28 8:26 a.m.17 views

CVE-2026-1053

CVE-2026-1053: Ivory Search – WordPress Search Plugin (WordPress) is vulnerable to stored XSS up to version 5.5.13 due to insufficient input sanitization and output escaping. Exploitation requires authenticated attacker with administrator-level privileges (or higher). Impact is injection of arbit...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References6
EUVD
EUVD
added 2026/01/28 8:26 a.m.6 views

EUVD-2026-4888

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/28 8:26 a.m.34 views

CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00261EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/01/28 1:44 a.m.6 views

WordPress Ivory Search plugin <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'menugcse' and 'nothingfoundtext' Parameters vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Ivory Search versions = 5.5.13...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5081

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.9AI score0.00261EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

WordPress plugin Ivory Search has a cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00261EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.6 views

CVE-2025-63069

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through = 5.5.12...

5.3CVSS7AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2025/12/09 4:18 p.m.4 views

CVE-2025-63069

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through = 5.5.12...

5.3CVSS0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.38 views

CVE-2025-63069 WordPress Ivory Search plugin <= 5.5.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in Vinod Dalvi Ivory Search add-search-to-menu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ivory Search: from n/a through = 5.5.12...

5.3CVSS0.00289EPSS
Exploits0References1
Rows per page
Query Builder