Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-26
CVE-2025-5209 - Ivory Search Plugin
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
PLUGIN
Ivory Search
CVE-2025-5209
Risk Score
Threat Entry
Updated 2024-09-11
CVE-2024-6835 - Ivory Search Plugin
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form
PLUGIN
Ivory Search
CVE-2024-6835
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-25105 - Ivory Search Plugin
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PLUGIN
Ivory Search
CVE-2021-25105
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-36869 - Ivory Search Plugin
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions
PLUGIN
Ivory Search
CVE-2021-36869
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24234 - Ivory Search Plugin
The Search Forms page of the Ivory Search WordPress lugin before 4.6.1 did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.
PLUGIN
Ivory Search
CVE-2021-24234
Risk Score