cleantalk
Vulnerabilities and Security Researches

Lava Ajax Search, CVE-2025-28937

CVE, Research URL

CVE-2025-28937

Home page URL

Security reports for Lava Ajax Search

Application

Lava Ajax Search

Published on
Mar 12, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lavacode Lava Ajax Search allows Stored XSS. This issue affects Lava Ajax Search: from n/a through 1.1.9.
Affected versions
Min -, max 1.1.9.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025
Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin (CVE-2025-1119) , Mar 14, 2025
CRM and Lead Management by vcita (CVE-2024-13703) , Mar 14, 2025
WP Recipe Maker (CVE-2025-1503) , Mar 14, 2025