Ajax Search Lite by Ernest Marcinko

Ajax Search Lite by Ernest Marcinko <= 4.10.3 - Subscriber+ Sensitive Data Disclosure

LANACOMMONVDB ID: c2e74140-1819-41bb-a27f-4d8824db209b

The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check in the wd_search_cf AJAX action, which could allow any authenticated users to call it and retrieve arbitrary post metadata.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/ajax-search-lite/

CVE: CVE-2022-38456

Attributes

Catgory: WordPress Plugin

Discovered: 2022-10-17

Published: 2023-02-06

Affected Version: <= 4.10.3

Classification

Type: Cross-Site Request Forgery (CSRF), Missing Authorization, Sensitive Data Disclosure

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).