SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink id: CVE-2022-2535 info: name: SearchWP Live Ajax Search 1.6.2 -...

EUVD-2022-43521

Malicious code in bioql PyPI...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

Malicious code in searchwp-live-ajax-search (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9829 Malicious code in searchwp-live-ajax-search (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2022-40223

Nonce token leakage and missing authorization in SearchWP premium plugin = 4.2.5 on WordPress leading to plugin settings change...

CVE-2022-40223

Nonce token leakage and missing authorization in SearchWP premium plugin = 4.2.5 on WordPress leading to plugin settings change...

Authorization

Nonce token leakage and missing authorization in SearchWP premium plugin = 4.2.5 on WordPress leading to plugin settings change...

CVE-2022-40223

Summary: CVE-2022-40223 affects the WordPress SearchWP premium plugin (versions ≤ 4.2.5). The vulnerability combines nonce token leakage with missing authorization, enabling changes to plugin settings without proper privileges. Multiple sources corroborate the issue and its impact on plugin setti...

PT-2022-25292 · Searchwp · Searchwp

Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions = 4.2.5 Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings. Recommendations: For SearchWP premium...

WordPress plugin SearchWP premium 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

SearchWP < 4.2.6 - Subscriber+ Settings Update

The plugin does not have authorisation check when updating its settings, which could allow any authenticated users, such as subscriber to update them...

WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability

Broken Authentication vulnerability via Nonce Token Leakage Leading to Plugin Settings Change discovered by Dave Jong Patchstack in the WordPress SearchWP premium plugin versions = 4.2.5. Solution Update the WordPress SearchWP plugin to the latest available version at least 4.2.6...

WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion LFI vulnerability was discovered by Muhammad Zeeshan Xib3rR4dAr in the WordPress SearchWP Live Ajax Search plugin versions = 1.6.2. Solution Update the WordPress SearchWP Live Ajax Search plugin to the latest available version at least 1.6.3...

SearchWP Live Ajax Search < 1.6.3 - Unauthenticated Local File Inclusion

The plugin does not validate the swpengine parameter of the searchwplivesearch AJAX action, which could allow unauthenticated attackers to perform Local File Inclusion attack via a Path Traversal vector on web server running IIS...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

EUVD-2022-34789

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

CVE-2022-2535 SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...