cleantalk
Vulnerabilities and Security Researches

Ajax Search Lite, CVE-2025-7956

CVE, Research URL

CVE-2025-7956

Home page URL

Security reports for Ajax Search Lite

Application

Ajax Search Lite

Published on
Aug 28, 2025
Research Description
The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.
Affected versions
max 4.13.2.
Status
vulnerable
Previous vulnerability researches
Shipment Tracker for Woocommerce (CVE-2025-24586) , Apr 20, 2025
Shipment Tracker for Woocommerce (CVE-2026-39540) , Apr 23, 2026
New vulnerability
Events Addon for Elementor (CVE-2025-8150) , Apr 24, 2026
WordPress Infinite Scroll – Ajax Load More (CVE-2025-59582) , Apr 24, 2026
WP Compress – Image Optimizer [All-In-One] (CVE-2025-57899) , Apr 24, 2026
Classified Listing – Classified ads & Business Directory Plugin (CVE-2025-7711) , Apr 24, 2026
Popup Anything – Popup for opt-ins and Lead Generation Conversions (CVE-2026-6443) , Apr 24, 2026