PT-2022-17231 · WordPress · Searchwp Live Ajax Search

Angelo Delicato +1 · Published 2022-08-15 · Updated 2022-08-16 · CVE-2022-2535

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SearchWP Live Ajax Search WordPress plugin versions prior to 1.6.2

Description

Because the plugin does not limit live search results to published posts, an unauthenticated user can send a crafted query that discloses the titles and permalinks of private, draft, and pending posts.

Recommendations

Update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the live search functionality until the update is applied.

Exploit

Fix

IDOR

Weakness Enumeration

Related Identifiers

CVE-2022-2535

Affected Products

Searchwp Live Ajax Search