CVE-2021-24234

Name of the Vulnerable Software and Affected Versions: Ivory Search WordPress plugin versions prior to 4.6.1

Description: The issue arises from improper sanitization of the tab parameter in the Search Forms page, leading to a reflected Cross-Site Scripting issue. This can occur when a high-privilege user opens a maliciously crafted link. The attack requires knowledge of a form id.

Recommendations: For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Search Forms page for high-privilege users until the update is applied. Avoid using the tab parameter in the affected page until the issue is resolved.