cleantalk
Vulnerabilities and Security Researches

Ivory Search – WordPress Search Plugin, 7794b721-bbd5-43f6-b3af-b86426b359a2

CVE, Research URL

7794b721-bbd5-43f6-b3af-b86426b359a2

Home page URL

Security reports for Ivory Search – WordPress Search Plugin

Application

Ivory Search – WordPress Search Plugin

Published on
-
Research Description
Ivory Search &#8211; WordPress Search Plugin [add-search-to-menu] < 4.5.11 Ivory Search &lt; 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS) The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute
Affected versions
max 4.5.11.
Status
vulnerable
Previous vulnerability researches
Ivory Search &#8211; WordPress Search Plugin (7794b721-bbd5-43f6-b3af-b86426b359a2) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (CVE-2026-1053) , Apr 15, 2026
Ivory Search &#8211; WordPress Search Plugin (1b1fe9af-6b09-4239-a0f1-7e503aacecbd) , Jun 16, 2026
Ivory Search &#8211; WordPress Search Plugin (b7a0fdeff3f6df9cde42915b897ded89fa214937) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026