Threat Entry Updated 2026-04-15

CVE-2026-1053 - Wordpress Search Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.5.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Wordpress Search

CVE-2026-1053

MEDIUM CVSS 4.4 2026-01-28

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-09-11

CVE-2024-6835 - Wordpress Search Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form

PLUGIN Wordpress Search

CVE-2024-6835

MEDIUM CVSS 5.3 2024-09-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2024-3233 - Wordpress Search Plugin

The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation.

PLUGIN Wordpress Search

CVE-2024-3233

MEDIUM CVSS 4.3 2024-05-02

Risk Score

Open Full Technical Breakdown