PT-2023-16972 · WordPress · Ajax Search Lite+1

Erwan Lr

·

Publicado

2023-04-24

·

Atualizado

2025-03-18

·

CVE-2023-1420

CVSS v3.1

6.1

Média

VetorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Ajax Search Lite WordPress plugin versions prior to 4.11.1 Ajax Search Pro WordPress plugin versions prior to 4.26.2
Description The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admins. This occurs because a parameter is not properly sanitised and escaped before being outputted in the response of an AJAX action.
Recommendations For Ajax Search Lite WordPress plugin versions prior to 4.11.1, update to version 4.11.1 or later. For Ajax Search Pro WordPress plugin versions prior to 4.26.2, update to version 4.26.2 or later. As a temporary workaround, consider restricting access to AJAX actions in the affected plugins until a patch is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-1420

Produtos afetados

Ajax Search Lite
Ajax Search Pro