CVE-2024-7084
Ajax Search Lite < 4.12.1 - Admin+ Stored XSS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as low as Admin+ to perform Cross-Site Scripting attacks.
El complemento Ajax Search Lite de WordPress anterior a 4.12.1 no sanitiza ni escapa a algunos parĂ¡metros, lo que podrĂa permitir a los usuarios con un rol tan bajo como Admin+ realizar ataques de Cross-Site Scripting.
The Ajax Search Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-07-16 CVE Published
- 2024-07-24 CVE Reserved
- 2024-08-13 EPSS Updated
- 2024-11-01 CVE Updated
- 2024-11-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/0d38bf4d-de6a-49f8-be69-fa483fa61bb7 | 2024-11-01 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Unknown Search vendor "Unknown" | Ajax Search Lite Search vendor "Unknown" for product "Ajax Search Lite" | < 4.12.1 Search vendor "Unknown" for product "Ajax Search Lite" and version " < 4.12.1" | en |
Affected
|