cleantalk
Vulnerabilities and Security Researches

Ajax Search Lite, CVE-2025-7956

CVE, Research URL

CVE-2025-7956

Home page URL

Security reports for Ajax Search Lite

Application

Ajax Search Lite

Published on
Aug 28, 2025
Research Description
The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.
Affected versions
max 4.13.2.
Status
vulnerable
Previous vulnerability researches
Portfolio and Projects (CVE-2024-13847) , Mar 15, 2025
Portfolio and Projects (1e5ab0d376bb286eb9f3c02b0bc3818f419fb17d) , Jun 07, 2024
Portfolio and Projects (CVE-2023-39995) , Jun 10, 2024
Portfolio and Projects (CVE-2025-67470) , Dec 11, 2025
Portfolio and Projects (CVE-2026-6443) , Apr 23, 2026
New vulnerability
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-59567) , Apr 24, 2026
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2025-8388) , Apr 24, 2026
Easy Quotes (CVE-2025-58681) , Apr 24, 2026
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics (CVE-2025-11762) , Apr 24, 2026
Custom Blocks Constructor – Lazy Blocks (CVE-2025-58258) , Apr 24, 2026