10 matches found

Nuclei
added 18 hours ago, 68 views

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The plugin does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink. id: CVE-2022-2535 info: name: SearchWP Live Ajax Search < 1.6.2 -...

5.3 CVSS, 5.9 AI score, 0.18409 EPSS
Exploits: 2, References: 3
RedhatCVE
added 2025/05/23 1:1 a.m., 3 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3 CVSS, 6.7 AI score, 0.18409 EPSS
Exploits: 2, References: 1
OSV
added 2024/10/16 1:18 p.m., 4 views

MAL-2024-9829 Malicious code in searchwp-live-ajax-search (npm)

7.1 AI score
Exploits: 0
OSSF Malicious Packages
added 2024/10/16 1:18 p.m., 4 views

Malicious code in searchwp-live-ajax-search (npm)

7 AI score
Exploits: 0
Patchstack
added 2022/09/16 12:0 a.m., 21 views

WordPress SearchWP Live Ajax Search plugin <= 1.6.2 - Unauthenticated Local File Inclusion (LFI) vulnerability

Unauthenticated Local File Inclusion (LFI) vulnerability was discovered by Muhammad Zeeshan (Xib3rR4dAr) in the WordPress SearchWP Live Ajax Search plugin versions <= 1.6.2. Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.3)...

2 AI score
Exploits: 0, Affected Software: 1
NVD
added 2022/08/15 11:21 a.m., 7 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3 CVSS, 0.18409 EPSS
Exploits: 2, References: 1
Prion
added 2022/08/15 11:21 a.m., 16 views

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5 CVSS, 5.2 AI score, 0.18409 EPSS
Exploits: 2, References: 1, Affected Software: 1
CVE
added 2022/08/15 8:38 a.m., 90 views

CVE-2022-2535

The vulnerability CVE-2022-2535 affects WordPress plugin SearchWP Live Ajax Search (versions before 1.6.2). The root cause is that live search queries do not restrict results to published posts, allowing unauthenticated users to disclose private/draft/pending post titles and their permalinks thro...

5.3 CVSS, 5.2 AI score, 0.18409 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2022/08/15 8:38 a.m., 11 views

CVE-2022-2535 SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.5 AI score, 0.18409 EPSS
Exploits: 2, References: 1
Patchstack
added 2022/07/25 12:0 a.m., 17 views

WordPress SearchWP Live Ajax Search plugin <= 1.6.1 - Unauthenticated Arbitrary Post Title Disclosure vulnerability

Unauthenticated Arbitrary Post Title Disclosure vulnerability discovered by Angelo Delicato in WordPress SearchWP Live Ajax Search plugin versions <= 1.6.1. Solution: Update the WordPress SearchWP Live Ajax Search plugin to the latest available version (at least 1.6.2)...

5.3 CVSS, 2.6 AI score, 0.18409 EPSS
Exploits: 2, References: 1, Affected Software: 1