Ajax Search Project : Security Vulnerabilities (XSS) CVSS score >= 5

Copy

CVE-2023-1420

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Max Base Score

6.1

Published

2023-04-24

Updated

2023-05-02

EPSS

0.05%

CVE-2023-1435

The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Max Base Score

6.1

Published

2023-04-24

Updated

2023-05-02

EPSS

0.05%

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!