CVE-2023-1420
Published: Apr 24, 2023
Modified: Feb 4, 2025
PUBLISHED
Description
The Ajax Search Lite WordPress plugin before 4.11.1 and the Ajax Search Pro WordPress plugin before 4.26.2 do not sanitise and escape a parameter before outputting it back in the response of an AJAX action, leading to a reflected cross-site scripting (XSS) vulnerability that could be used against high-privilege users such as admins.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Ajax Search Lite | affected 0 - < 4.11.1 |
| Unknown | Ajax Search Pro | affected 0 - < 4.26.2 |
References
https://wpscan.com/vulnerability/a9a54ee5-2b80-4f55-894c-1047030eea7f (exploit, vdb-entry, technical-description)