CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31259 – WordPress SearchIQ plugin <= 4.5 - Sensitive Data Exposure via Log File vulnerability
https://notcve.org/view.php?id=CVE-2024-31259
Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5. The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via log files. This makes it possible for unauthenticated attackers to extract sensitive data from log files. • https://patchstack.com/database/vulnerability/searchiq/wordpress-searchiq-plugin-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47832 – SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings
https://notcve.org/view.php?id=CVE-2023-47832
The SearchIQ plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version. • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-0780 – SearchIQ < 3.9 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2022-0780
The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter El plugin SearchIQ de WordPress versiones anteriores a 3.9, contiene un flag para deshabilitar la verificación de los nonces de tipo CSRF, lo que permite a atacantes no autenticados acceder a la acción siq_ajax AJAX y llevar a cabo ataques de tipo Cross-Site Scripting debido a una falta de saneo y escape en el parámetro customCss • https://wpscan.com/vulnerability/0ee7d1a8-9782-4db5-b055-e732f2763825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •