Ivory Search Security Vulnerabilities and Issues — Ivory Search CVE List

Lucene search

IvorysearchIvory Search

5 matches found

CVE•added 2021/10/21 9:15 p.m.•51 views

CVE-2021-36869

Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions

6.1CVSS5.5AI score0.00218EPSS

CVE•added 2021/04/22 9:15 p.m.•36 views

CVE-2021-24234

The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to co...

6.1CVSS6AI score0.00265EPSS

CVE•added 2022/02/07 4:15 p.m.•36 views

CVE-2021-25105

The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS4.7AI score0.00214EPSS

CVE•added 2024/09/05 7:15 a.m.•36 views

CVE-2024-6835

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boole...

5.3CVSS5.6AI score0.00355EPSS

CVE•added 2025/06/17 6:15 a.m.•15 views

CVE-2025-5209

The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8CVSS4.8AI score0.0003EPSS