Unrated severityNVD Advisory· Published Aug 15, 2022· Updated Aug 3, 2024

SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

CVE-2022-2535

Description

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Searchwp Live Ajax Searchinferred2 versions
<1.6.2+ 1 more
- (no CPE)range: <1.6.2
- (no CPE)range: <1.6.2
Package: https://wordpress.org/plugins/searchwp-live-ajax-search

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000