First published: Wed Mar 15 2023(Updated: )
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ajax Search Project Ajax Search | <=4.10.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-38456 is high with a CVSS score of 7.5.
The affected software of CVE-2022-38456 is the Ernest Marcinko Ajax Search Lite plugin versions up to and including 4.10.3.
The CWE of CVE-2022-38456 is CWE-200.
To fix CVE-2022-38456, you should update the Ernest Marcinko Ajax Search Lite plugin to version 4.10.4 or later.
You can find more information about CVE-2022-38456 [here](https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-10-3-auth-data-exposure-vulnerability?_s_id=cve).