First published: Mon Apr 24 2023
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting vulnerability that could be used against high-privilege users such as admins.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ajax Search Project Ajax Search | <4.26.2 | |
The vulnerability ID for this issue is CVE-2023-1435.
The severity of CVE-2023-1435 is medium.
The software affected by CVE-2023-1435 is the Ajax Search Pro WordPress plugin before version 4.26.2.
CVE-2023-1435 allows for Reflected Cross-Site Scripting, which could be used against high-privilege users such as admins.
To fix CVE-2023-1435, update the Ajax Search Pro WordPress plugin to version 4.26.2 or higher.