Threat Entry Updated 2026-04-15

CVE-2026-1053 - Add Search To Menu Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Add Search To Menu

CVE-2026-1053

MEDIUM CVSS 4.4 2026-01-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-09-11

CVE-2024-6835 - Add Search To Menu Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form

PLUGIN Add Search To Menu

CVE-2024-6835

MEDIUM CVSS 5.3 2024-09-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-36869 - Add Search To Menu Plugin

Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions

PLUGIN Add Search To Menu

CVE-2021-36869

MEDIUM CVSS 4.8 2021-10-21

Risk Score

Open Full Technical Breakdown