Ivory Search – WordPress Search Plugin, ce35ebd754f1b24c19b4940df647278487c2908e

CVE, Research URL: ce35ebd754f1b24c19b4940df647278487c2908e
Home page URL: Security reports for Ivory Search – WordPress Search Plugin
Application: Ivory Search – WordPress Search Plugin
Published on: Feb 01, 2021
Research Description: Ivory Search – WordPress Search Plugin [add-search-to-menu] < 4.5.11 Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting The "Ivory Search – WordPress Search Plugin" plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 4.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 4.5.11.
Status: vulnerable

Ivory Search &#8211; WordPress Search Plugin, ce35ebd754f1b24c19b4940df647278487c2908e