WordPress Plugin Vulnerabilities

Ivory Search – WordPress Search Plugin < 5.5.7 - Information Exposure via AJAX Search Form

Description

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form

Affects Plugins

Fixed in 5.5.7

References

Classification

Type
SENSITIVE DATA DISCLOSURE
CWE

Miscellaneous

Original Researcher
stealthcopter
Verified
No

Timeline

Publicly Published
2024-09-04 (about 1 year ago)
Added
2024-09-04 (about 1 year ago)
Last Updated
2024-09-05 (about 1 year ago)

Other