VYPR

Ajax Search Lite

by WordPress

Source repositories

CVEs (10)

  • CVE-2024-21752HigFeb 29, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.

  • CVE-2023-1435MedApr 24, 2023
    risk 0.40cvss 6.1epss 0.00

    The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2023-1420MedApr 24, 2023
    risk 0.40cvss 6.1epss 0.00

    The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high…

  • CVE-2025-48086MedNov 6, 2025
    risk 0.36cvss 5.5epss 0.00

    Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.

  • CVE-2024-8619MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-10568MedDec 12, 2024
    risk 0.31cvss 4.7epss 0.00

    The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-7084MedAug 6, 2024
    risk 0.31cvss 4.8epss 0.00

    The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.

  • CVE-2022-38456MedMar 15, 2023
    risk 0.28cvss 4.3epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.

  • CVE-2025-7956MedAug 28, 2025
    risk 0.27cvss 5.3epss 0.00

    The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to…

  • CVE-2024-13585LowFeb 21, 2025
    risk 0.23cvss 3.5epss 0.00

    The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…