cleantalk
Vulnerabilities and Security Researches

Ivory Search – WordPress Search Plugin, 0a3d23ba799ad9e23da88ec8ee4c14432acb79fc

CVE, Research URL

0a3d23ba799ad9e23da88ec8ee4c14432acb79fc

Home page URL

Security reports for Ivory Search – WordPress Search Plugin

Application

Ivory Search – WordPress Search Plugin

Published on
Nov 02, 2021
Research Description
Ivory Search &#8211; WordPress Search Plugin [add-search-to-menu] < 4.8 Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting The Ivory Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated Contributor+ attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.8.
Status
vulnerable
Previous vulnerability researches
Easy Code Snippets (9157f1c1aa17fcdb38ad432b11d2de5d2db4ade2) , Jun 16, 2026
Easy Code Snippets (7e57cd4f4859826de00a8e2b09ee24fb7f2d824b) , Jun 16, 2026
Easy Code Snippets (6ff37c2e-e21d-4abc-bafe-8ca6a2c1ed76) , Jun 16, 2026
Easy Code Snippets (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Easy Code Snippets (CVE-2023-33999) , Jun 14, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026