← Back

Wp Dreams

wp-dreams

7 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Ajax Search
ajax_search
7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-8619
1Wp Dreams
1Ajax Search
Jun 17, 2026
May 15, 2025
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more
The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13585
1Wp Dreams
1Ajax Search
Jun 17, 2026
Feb 21, 2025
N/A· v4
3.5 LOW· v3
N/A· v2
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more
The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-10568
1Wp Dreams
1Ajax Search
Jun 17, 2026
Dec 12, 2024
N/A· v4
4.7 MEDIUM· v3
N/A· v2
The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un...Show more
The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-7084
1Wp Dreams
1Ajax Search
Jun 17, 2026
Aug 6, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
CVE-2024-21752
1Wp Dreams
1Ajax Search
Jun 17, 2026
Feb 29, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.
CVE-2023-1435
1Wp Dreams
1Ajax Search
Jun 17, 2026
Apr 24, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privil...Show more
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less
CVE-2023-1420
1Wp Dreams
1Ajax Search
Jun 17, 2026
Apr 24, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflect...Show more
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less