Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ajax search vulnerabilities and exploits
(subscribe to this query)
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2024-21752
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a up to and including 4.11.4.
5.3
CVSSv3
CVE-2023-6155
The Quiz Maker WordPress plugin prior to 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated malicious user to perform a search for users of the system, ultimately leaking user email addresses.
Ays-pro Quiz Maker
4.4
CVSSv3
CVE-2023-2450
The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.23.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
Fibosearch Fibosearch
6.1
CVSSv3
CVE-2023-1420
The Ajax Search Lite WordPress plugin prior to 4.11.1, Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high...
Ajax Search Project Ajax Search
6.1
CVSSv3
CVE-2023-1435
The Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ajax Search Project Ajax Search
7.5
CVSSv3
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
Ajax Search Project Ajax Search
6.5
CVSSv3
CVE-2023-26038
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions before 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrar...
Zoneminder Zoneminder
9.8
CVSSv3
CVE-2022-4297
The WP AutoComplete Search WordPress plugin up to and including 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection
Netflixtech Wp Autocomplete Search
5.3
CVSSv3
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Searchwp Searchwp Live Ajax Search
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »