Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting
Description
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- WordPress/Ivory Search
- Range: <5.4.1
Patches
Vulnerability mechanics
Root cause
"Missing output escaping of Form settings allows stored Cross-Site Scripting."
Attack vector
An attacker with high privileges (e.g., Administrator) can inject malicious JavaScript into unescaped Form settings fields. When other users view or interact with the affected form, the stored script executes in their browsers, leading to Cross-Site Scripting (XSS) [CWE-79]. The attack does not require the unfiltered_html capability to be enabled, making it exploitable even in locked-down WordPress installations [ref_id=1].
Affected code
The advisory does not specify exact file paths or function names. It states that the plugin "does not escape some of the Form settings" [ref_id=1], indicating that the vulnerable code resides in the form settings handling logic of the Ivory Search plugin (add-search-to-menu) before version 5.4.1.
What the fix does
The advisory states the vulnerability is fixed in version 5.4.1 [ref_id=1]. No patch diff is provided in the bundle. The fix presumably escapes the Form settings output, preventing stored scripts from being rendered as HTML. Administrators should update to version 5.4.1 or later.
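Added illustration of the bug class and fix described above; this is not Ivory Search code, and the option keys and function names are hypothetical. Only esc_attr() and esc_html() are real WordPress core functions, and a stand-in is defined so the snippet also runs outside WordPress:

```php
<?php
// Added example, not the plugin's code. Option keys and render functions are hypothetical.
// Stand-ins so the file runs with plain PHP; inside WordPress the core functions are used.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// Constructed sample of "Form settings" as a high-privilege user could have saved them.
// Nothing here depends on unfiltered_html: the value is stored verbatim and the bug is
// on the output side, exactly the situation the advisory describes.
$form_settings = array(
    'placeholder' => 'Search" autofocus onfocus="alert(1)',
    'label'       => 'Search <b>site</b>',
);

// Vulnerable pattern: stored values are concatenated straight into markup, so the
// placeholder closes its attribute and adds an event handler, and the label is
// rendered as HTML. This is the behaviour fixed in 5.4.1 (file/function unknown).
function hypothetical_render_form_unsafe( array $s ) {
    return '<input type="search" placeholder="' . $s['placeholder'] . '" />'
         . '<label>' . $s['label'] . '</label>';
}

// Fixed pattern: escape for the context the value lands in. esc_attr() for attribute
// values, esc_html() for text nodes; both turn the quote and angle brackets into
// entities, so the stored text is shown literally instead of executed.
function hypothetical_render_form_safe( array $s ) {
    return '<input type="search" placeholder="' . esc_attr( $s['placeholder'] ) . '" />'
         . '<label>' . esc_html( $s['label'] ) . '</label>';
}

echo "Unescaped output (vulnerable):\n", hypothetical_render_form_unsafe( $form_settings ), "\n\n";
echo "Escaped output (fixed):\n",        hypothetical_render_form_safe( $form_settings ),   "\n";
```

Escaping on output is the fix the advisory implies; sanitizing on save (for example with sanitize_text_field() or wp_kses_post()) is a useful second layer but does not replace it, because the stored value may have been written by an older plugin version or another code path.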
Preconditions
- auth: Attacker must have a high-privilege role (e.g., Administrator) in the WordPress installation
- config: The Ivory Search plugin must be installed and active with a version prior to 5.4.1
- input: The attacker must be able to access and modify the plugin's Form settings
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1. wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f (MITRE, x_refsource_MISC)
News mentions
No linked articles in our index yet.