Ajax Search

ajax_search

Vendor: Wp Dreams • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8619 1Wp Dreams 1Ajax Search Jun 17, 2026 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13585 1Wp Dreams 1Ajax Search Jun 17, 2026 Feb 21, 2025 N/A· v4 3.5 LOW· v3 N/A· v2 The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-10568 1Wp Dreams 1Ajax Search Jun 17, 2026 Dec 12, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-7084 1Wp Dreams 1Ajax Search Jun 17, 2026 Aug 6, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
CVE-2024-21752 1Wp Dreams 1Ajax Search Jun 17, 2026 Feb 29, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.
CVE-2023-1435 1Wp Dreams 1Ajax Search Jun 17, 2026 Apr 24, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privil...Show more The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-1420 1Wp Dreams 1Ajax Search Jun 17, 2026 Apr 24, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflect...Show more The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less