Vulnerabilities > CVE-2022-2535 - Authorization Bypass Through User-Controlled Key vulnerability in Searchwp Live Ajax Search
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink