CVE-2022-0780

CVE-2022-0780: SearchIQ < 3.9 - Unauthenticated Stored XSS

Vendor Unknown

Product SearchIQ – The Search Solution

Weakness CWE-79 · XSS

Published April 18, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter

Key dates

02Disclosure timeline

April 18, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0780 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-0838 Happy Addons for Elementor <= 3.10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-13567 code-projects Online Music Site POST Request Feedback.php cross site scripting CVE-2024-51887 WordPress NV Slider plugin <= 1.6 - Stored Cross Site Scripting (XSS) vulnerability CVE-2026-9809 CVE-2023-43718 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)