Every CVE whose affected-product data names Wp-dreams Ajax Search, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-21752 — CVSS 7.1 (high): Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS.This issue affects Ajax Search…
CVE-2023-1435 — CVSS 6.1 (medium): The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages…
CVE-2023-1420 — CVSS 6.1 (medium): The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a…
CVE-2024-8619 — CVSS 4.8 (medium): The Ajax Search Lite WordPress plugin before 4.12.3 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-7084 — CVSS 4.8 (medium): The Ajax Search Lite WordPress plugin before 4.12.1 does not sanitise and escape some parameters, which could allow users with a role as…
CVE-2024-10568 — CVSS 4.7 (medium): The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege…
CVE-2024-13585 — CVSS 3.5 (low): The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege…