CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
References
Configurations

Configuration 1

cpe:2.3:a:searchwp:searchwp_live_ajax_search:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-08-15 11:21

Updated : 2022-08-16 04:16


NVD link : CVE-2022-2535

Mitre link : CVE-2022-2535

Products Affected
No products.
CWE