Searchwp

searchwp

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Searchwp Live Ajax Search

searchwp_live_ajax_search

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-40223 1Searchwp 1Searchwp Nov 21, 2024 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.
CVE-2022-2535 1Searchwp 1Searchwp Live Ajax Search Nov 21, 2024 Aug 15, 2022 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/d...Show more The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalinkShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-40223

1Searchwp

Nov 21, 2024

Nov 8, 2022

N/A· v4

4.3 MEDIUM· v3

N/A· v2

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

CVE-2022-2535

1Searchwp

1Searchwp Live Ajax Search

Nov 21, 2024

Aug 15, 2022

N/A· v4

5.3 MEDIUM· v3

N/A· v2

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/d...Show more