SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure
The plugin does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink id: CVE-2022-2535 info: name: SearchWP Live Ajax Search < 1.6.2 -...
EUVD-2022-43521
Malicious code in bioql PyPI...
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...
Malicious code in searchwp-live-ajax-search (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9829 Malicious code in searchwp-live-ajax-search (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2022-40223
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
Authorization
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
CVE-2022-40223
Summary: CVE-2022-40223 affects the WordPress SearchWP premium plugin (versions ≤ 4.2.5). The vulnerability combines nonce token leakage with missing authorization, enabling changes to plugin settings without proper privileges. Multiple sources corroborate the issue and its impact on plugin setti...
PT-2022-25292 · Searchwp · Searchwp
Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions <= 4.2.5 Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings. Recommendations: For SearchWP premium...
WordPress plugin SearchWP premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
SearchWP < 4.2.6 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability
Broken Authentication vulnerability via Nonce Token Leakage Leading to Plugin Settings Change discovered by Dave Jong (Patchstack) in the WordPress SearchWP premium plugin versions <= 4.2.5. Solution: Update the WordPress SearchWP plugin to the latest available version (at least 4.2.6)...
WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability
Unauthenticated Local File Inclusion (LFI) vulnerability was discovered by Muhammad Zeeshan (Xib3rR4dAr) in the WordPress SearchWP Live Ajax Search plugin versions <= 1.6.2. Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3)...
SearchWP Live Ajax Search < 1.6.3 - Unauthenticated Local File Inclusion
The plugin does not validate the swpengine parameter of the searchwplivesearch AJAX action, which could allow unauthenticated attackers to perform a Local File Inclusion attack via a Path Traversal vector on a web server running IIS...
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...
Code injection
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...
EUVD-2022-34789
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...
CVE-2022-2535
The vulnerability CVE-2022-2535 affects WordPress plugin SearchWP Live Ajax Search (versions before 1.6.2). The root cause is that live search queries do not restrict results to published posts, allowing unauthenticated users to disclose private/draft/pending post titles and their permalinks thro...