cleantalk
Vulnerabilities and Security Researches

Ivory Search – WordPress Search Plugin, CVE-2021-25105

CVE, Research URL

CVE-2021-25105

Home page URL

Security reports for Ivory Search – WordPress Search Plugin

Application

Ivory Search – WordPress Search Plugin

Published on
Feb 07, 2022
Research Description
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
max 5.4.4.
Status
vulnerable
Previous vulnerability researches
Ivory Search – WordPress Search Plugin (CVE-2022-4974) , Nov 15, 2024
Ivory Search – WordPress Search Plugin (CVE-2025-63069) , Jan 08, 2026
Ivory Search – WordPress Search Plugin (CVE-2021-36869) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2021-24234) , Jun 06, 2024
Ivory Search – WordPress Search Plugin (CVE-2024-3233) , Jun 06, 2024
New vulnerability
WING WordPress Migrator (CVE-2025-52835) , Jan 10, 2026
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-66074) , Jan 10, 2026
1180px Shortcodes (CVE-2025-14114) , Jan 10, 2026
Listdom – Business Directory and Classified Ads Listings WordPress Plugin (CVE-2025-67560) , Jan 10, 2026
Simple CSV Table (CVE-2025-12960) , Jan 10, 2026