Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax search vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
Ajax Search Project Ajax Search
668
VMScore
CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a &...
Ajax Search Project Ajax Search
NA
CVE-2023-1435
The Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ajax Search Project Ajax Search
NA
CVE-2023-1420
The Ajax Search Lite WordPress plugin prior to 4.11.1, Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high...
Ajax Search Project Ajax Search
NA
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Searchwp Searchwp Live Ajax Search
445
VMScore
CVE-2020-12070
The Advanced Woo Search plugin version up to and including 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.
Advanced-woo-search Advanced Woo Search
NA
CVE-2022-4297
The WP AutoComplete Search WordPress plugin up to and including 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection
Netflixtech Wp Autocomplete Search
668
VMScore
CVE-2020-8519
SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
668
VMScore
CVE-2020-8520
SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
668
VMScore
CVE-2020-8521
SQL injection with start and length parameters in Records.php for phpzag live add edit delete data tables records with ajax php mysql
Phpzag Phpzag -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »