Vulnerabilities > Ajax Search Project > Ajax Search

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2023-1420 Unspecified vulnerability in Ajax Search Project Ajax Search
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
ajax-search-project
6.1
2023-04-24 CVE-2023-1435 Unspecified vulnerability in Ajax Search Project Ajax Search
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
ajax-search-project
6.1
2023-03-15 CVE-2022-38456 Information Exposure vulnerability in Ajax Search Project Ajax Search
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
network
low complexity
ajax-search-project CWE-200
7.5
2015-01-08 CVE-2012-5853 SQL Injection vulnerability in Ajax Search Project Ajax Search 1.0/1.1/1.2
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
network
low complexity
ajax-search-project CWE-89
7.5