Vulnerabilities and security researches forajax-search-lite ajax-search-lite
Direction: ascendingJun 07, 2024
Ajax Search Lite # 7d9028a1ce1e60a0877994b6b4ed6997bdf7b795
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 18, 2015
- Research Description
- Ajax Search Lite [ajax-search-lite] < 3.11 WordPress Ajax Search Lite Plugin <= 3.1 - Remote Code Execution This vulnerability allows any registered user to execute any function he wants. Upgrade the plugin.
- Affected versions
-
max 3.11.
- Status
-
vulnerable
Ajax Search Lite # CVE-2022-38456
- CVE, Research URL
- Home page URL
- Application
- Date
- Mar 15, 2023
- Research Description
- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
- Affected versions
-
max 4.11.1.
- Status
-
vulnerable
Ajax Search Lite # CVE-2023-1420
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 25, 2023
- Research Description
- The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- Affected versions
-
max 4.11.1.
- Status
-
vulnerable
Ajax Search Lite # CVE-2024-21752
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 29, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search Lite: from n/a through 4.11.4.
- Affected versions
-
max 4.11.5.
- Status
-
vulnerable
Aug 07, 2024
Ajax Search Lite # CVE-2024-7084
- CVE, Research URL
- Home page URL
- Application
- Date
- Aug 06, 2024
- Research Description
- The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
- Affected versions
-
max 4.12.1.
- Status
-
vulnerable
Oct 13, 2024
Ajax Search Lite # CVE-2024-8619
- CVE, Research URL
- Home page URL
- Application
- Date
- May 16, 2025
- Research Description
- The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 4.12.3.
- Status
-
vulnerable
Dec 13, 2024
Ajax Search Lite # CVE-2024-10568
- CVE, Research URL
- Home page URL
- Application
- Date
- Dec 12, 2024
- Research Description
- The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 4.12.4.
- Status
-
vulnerable
Feb 22, 2025
Ajax Search Lite # CVE-2024-13585
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 21, 2025
- Research Description
- The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions
-
max 4.12.5.
- Status
-
vulnerable
Dec 10, 2025
Ajax Search Lite # CVE-2025-48086
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 06, 2025
- Research Description
- Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection.This issue affects Ajax Search Lite: from n/a through <= 4.13.3.
- Affected versions
-
max 4.13.3.
- Status
-
vulnerable