CVE-2024-6835
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/09/2024
Last modified:
11/09/2024
Description
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ivorysearch:ivory_search:*:*:*:*:*:wordpress:*:* | 5.5.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/class-is-ajax.php#L45
- https://plugins.trac.wordpress.org/browser/add-search-to-menu/tags/5.5.6/public/partials/is-ajax-results.php#L57
- https://plugins.trac.wordpress.org/changeset/3145289/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/013f7c26-8348-4c54-af61-473a720a5095?source=cve