ajax search vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-1435
The Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Ajax Search Project Ajax Search
6.1
CVSSv3
CVE-2023-1420
The Ajax Search Lite WordPress plugin prior to 4.11.1, Ajax Search Pro WordPress plugin prior to 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high...
Ajax Search Project Ajax Search
7.5
CVSSv3
CVE-2022-38456
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
Ajax Search Project Ajax Search
NA
CVE-2012-5853
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin prior to 1.3 for WordPress allows remote malicious users to execute arbitrary SQL commands via the srch_txt parameter in a &...
Ajax Search Project Ajax Search
5.3
CVSSv3
CVE-2022-2535
The SearchWP Live Ajax Search WordPress plugin prior to 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Searchwp Searchwp Live Ajax Search
7.5
CVSSv3
CVE-2020-12070
The Advanced Woo Search plugin version up to and including 1.99 for WordPress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php.
Advanced-woo-search Advanced Woo Search
9.8
CVSSv3
CVE-2022-4297
The WP AutoComplete Search WordPress plugin up to and including 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, leading to an unauthenticated SQL injection
Netflixtech Wp Autocomplete Search
NA
CVE-2009-2587
Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote malicious users to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php...
Dragdropcart Dragdropcart -
6 EDB exploits
4.3
CVSSv3
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework up to and including 3.3.8 for WordPress allows authenticated options changes.
Yithemes Yith Woocommerce Wishlist
Yithemes Yith Woocommerce Compare
Yithemes Yith Woocommerce Quick View
Yithemes Yith Woocommerce Zoom Magnifier
Yithemes Yith Woocommerce Ajax Search
Yithemes Yith Woocommerce Badge Management
Yithemes Yith Woocommerce Brands Add-on
Yithemes Yith Woocommerce Request A Quote
Yithemes Yith Woocommerce Social Login
Yithemes Yith Woocommerce Order Tracking
Yithemes Yith Woocommerce Pdf Invoice And Shipping List
Yithemes Yith Pre-order For Woocommerce
Yithemes Yith Woocommerce Advanced Reviews
Yithemes Yith Woocommerce Product Add-ons
Yithemes Yith Woocommerce Gift Cards
Yithemes Yith Woocommerce Subscription
Yithemes Yith Woocommerce Affiliates
Yithemes Yith Woocommerce Cart Messages
Yithemes Yith Woocommerce Product Bundles
Yithemes Yith Woocommerce Frequently Bought Together
Yithemes Yith Woocommerce Multi-step Checkout
Yithemes Yith Color And Label Variations For Woocommerce
NA
CVE-2024-21752
Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a up to and including 4.11.4.