4 vulnerabilities found for Ivory Search – WordPress Search Plugin by Unknown
CVE-2021-25105 (GCVE-0-2021-25105)
Vulnerability from cvelistv5 – Published: 2022-02-07 15:47 – Updated: 2024-08-03 19:56
Title
Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting
Summary
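The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high-privilege users to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. That case is the security boundary at stake: with unfiltered_html disallowed, these users are not supposed to be able to store unfiltered markup, so the unescaped settings bypass a restriction the site operator has configured.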
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Ivory Search – WordPress Search Plugin | Affected: 5.4.1 , < 5.4.1 (custom) |
Credits
Yoru Oni
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivory Search \u2013 WordPress Search Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T15:47:22",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ivory Search \u003c 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25105",
"STATE": "PUBLIC",
"TITLE": "Ivory Search \u003c 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ivory Search \u2013 WordPress Search Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25105",
"datePublished": "2022-02-07T15:47:22",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24234 (GCVE-0-2021-24234)
Vulnerability from cvelistv5 – Published: 2021-04-22 21:00 – Updated: 2024-08-03 19:21
Title
Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
Summary
The Search Forms page of the Ivory Search WordPress plugin before 4.6.1 did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when a high-privilege user opens a maliciously crafted link. Knowledge of a form id is required to conduct the attack.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
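| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835 | x_refsource_CONFIRM |
| https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/ | x_refsource_MISC |
| https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/ | x_refsource_MISC |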
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Ivory Search – WordPress Search Plugin | Affected: 4.6.1 , < 4.6.1 (custom) |
Credits
Jinson Varghese Behanan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivory Search \u2013 WordPress Search Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jinson Varghese Behanan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:00:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ivory Search \u003c 4.6.1 - Reflected Cross Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24234",
"STATE": "PUBLIC",
"TITLE": "Ivory Search \u003c 4.6.1 - Reflected Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ivory Search \u2013 WordPress Search Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.6.1",
"version_value": "4.6.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jinson Varghese Behanan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"name": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/",
"refsource": "MISC",
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"name": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/",
"refsource": "MISC",
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24234",
"datePublished": "2021-04-22T21:00:50",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25105 (GCVE-0-2021-25105)
Vulnerability from nvd – Published: 2022-02-07 15:47 – Updated: 2024-08-03 19:56
Title
Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting
Summary
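The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high-privilege users to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. That case is the security boundary at stake: with unfiltered_html disallowed, these users are not supposed to be able to store unfiltered markup, so the unescaped settings bypass a restriction the site operator has configured.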
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Ivory Search – WordPress Search Plugin | Affected: 5.4.1 , < 5.4.1 (custom) |
Credits
Yoru Oni
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:10.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivory Search \u2013 WordPress Search Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yoru Oni"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-07T15:47:22",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ivory Search \u003c 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-25105",
"STATE": "PUBLIC",
"TITLE": "Ivory Search \u003c 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ivory Search \u2013 WordPress Search Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Yoru Oni"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a9ab9e84-7f5e-4e7c-8647-114d9e02e59f"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-25105",
"datePublished": "2022-02-07T15:47:22",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:56:10.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24234 (GCVE-0-2021-24234)
Vulnerability from nvd – Published: 2021-04-22 21:00 – Updated: 2024-08-03 19:21
Title
Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)
Summary
The Search Forms page of the Ivory Search WordPress plugin before 4.6.1 did not properly sanitise the tab parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue when a high-privilege user opens a maliciously crafted link. Knowledge of a form id is required to conduct the attack.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
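| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835 | x_refsource_CONFIRM |
| https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/ | x_refsource_MISC |
| https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/ | x_refsource_MISC |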
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | Ivory Search – WordPress Search Plugin | Affected: 4.6.1 , < 4.6.1 (custom) |
Credits
Jinson Varghese Behanan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ivory Search \u2013 WordPress Search Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "4.6.1",
"status": "affected",
"version": "4.6.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jinson Varghese Behanan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-22T21:00:50",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Ivory Search \u003c 4.6.1 - Reflected Cross Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24234",
"STATE": "PUBLIC",
"TITLE": "Ivory Search \u003c 4.6.1 - Reflected Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ivory Search \u2013 WordPress Search Plugin",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.6.1",
"version_value": "4.6.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jinson Varghese Behanan"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835",
"refsource": "CONFIRM",
"url": "https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835"
},
{
"name": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/",
"refsource": "MISC",
"url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/"
},
{
"name": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/",
"refsource": "MISC",
"url": "https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24234",
"datePublished": "2021-04-22T21:00:50",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}