Описание
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.2 (исключая)
cpe:2.3:a:searchwp:searchwp_live_ajax_search:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 93%
0.09769
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
EPSS
Процентиль: 93%
0.09769
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-639