PT-2023-16972 · WordPress · Ajax Search Lite+1

Erwan Lr

Published

2023-04-24

Updated

2025-03-18

CVE-2023-1420

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Ajax Search Lite WordPress plugin versions prior to 4.11.1 Ajax Search Pro WordPress plugin versions prior to 4.26.2

Description The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admins. This occurs because a parameter is not properly sanitised and escaped before being outputted in the response of an AJAX action.

Recommendations For Ajax Search Lite WordPress plugin versions prior to 4.11.1, update to version 4.11.1 or later. For Ajax Search Pro WordPress plugin versions prior to 4.26.2, update to version 4.26.2 or later. As a temporary workaround, consider restricting access to AJAX actions in the affected plugins until a patch is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-1420

Affected Products

Ajax Search Lite

Ajax Search Pro

PT-2023-16972 · WordPress · Ajax Search Lite+1

CVE-2023-1420

Related Identifiers

Affected Products

References · 7