Security Advisory

CVE-2022-2535

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-15 08:38:10

Last updated 2024-08-03 00:39:08

Assigner WPScan

State PUBLISHED

Description

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink

← Browse all CVEs View on cve.org ↗