CVE-2022-2535

CVE-2022-2535: SearchWP Live Ajax Search < 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure

Vendor Unknown
Product SearchWP Live Ajax Search
Weakness CWE-639 · IDOR
Published August 15, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink

Key dates

02Disclosure timeline

August 15, 2022 CVE published
August 3, 2024 Record updated