PT-2024-24511 · WordPress · The Ivory Search

Mgthuramoemyint +1 · Published 2024-05-02 · Updated 2024-05-02 · CVE-2024-3233

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The Ivory Search – WordPress Search Plugin versions up to, and including, 5.5.5

Description

The issue allows authenticated attackers with subscriber-level access and above to modify data without authorization due to a missing capability check on the ajax_create_index() function. This makes it possible for them to trigger index creation.

Recommendations

For versions up to, and including, 5.5.5, consider disabling the ajax_create_index() function until a patch is available to prevent unauthorized modification of data. Restrict access to the affected function to minimize the risk of exploitation.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-3233

Affected Products: The Ivory Search