Threat Entry Updated 2025-05-26

CVE-2024-13350 - Searchiq Plugin

The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Searchiq

CVE-2024-13350

MEDIUM CVSS 6.4 2025-03-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-06-05

CVE-2024-10885 - Searchiq Plugin

The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Searchiq

CVE-2024-10885

MEDIUM CVSS 6.4 2024-12-04

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-0780 - Searchiq Plugin

The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform Cross-Site Scripting attacks due to the lack of sanitisation and escaping in the customCss parameter

PLUGIN Searchiq

CVE-2022-0780

MEDIUM CVSS 6.1 2022-04-18

Risk Score

Open Full Technical Breakdown