CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47507 – WordPress Better Search <= 4.1.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47507
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajay Better Search allows DOM-Based XSS. This issue affects Better Search: from n/a through 4.1.0. The Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping in the better search form. This makes it possible for authenticated attackers, with contributor-level access and above, to injec... • https://patchstack.com/database/wordpress/plugin/better-search/vulnerability/wordpress-better-search-4-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29142 – WordPress Better Search plugin <= 3.3.0 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29142
18 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en WebberZone Better Search: los resultados de búsqueda relevantes para WordPress permiten almacenar XSS. Est... • https://patchstack.com/database/vulnerability/better-search/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-4373 – Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import
https://notcve.org/view.php?id=CVE-2021-4373
01 Mar 2021 — The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1 • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4400 – Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4400
01 Mar 2021 — The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El plugin Better Search para WordPress es v... • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •