cleantalk
Vulnerabilities and Security Researches

Ivory Search – WordPress Search Plugin, CVE-2021-24234

CVE, Research URL

CVE-2021-24234

Home page URL

Security reports for Ivory Search – WordPress Search Plugin

Application

Ivory Search – WordPress Search Plugin

Published on
Apr 23, 2021
Research Description
The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.
Affected versions
Min -, max 5.5.2.
Status
vulnerable
Previous vulnerability researches
Ivory Search – WordPress Search Plugin (CVE-2022-4974) , Nov 15, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-36869) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-24234) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2024-3233) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-25105) , Jun 06, 2024
New vulnerability
Wise Chat (CVE-2025-3774) , Jun 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-49878) , Jun 18, 2025
Brid Video Easy Publish (CVE-2025-5237) , Jun 18, 2025
YITH PayPal Express Checkout for WooCommerce (CVE-2025-48111) , Jun 18, 2025
WordPress Infinite Scroll – Ajax Load More (CVE-2025-4775) , Jun 18, 2025