Vulnerability CVE-2022-2535


Published: 2022-08-15

Description:
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink

Type:

CWE-639

(Authorization Bypass Through User-Controlled Key)

 References:
https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02

Copyright 2026, cxsecurity.com

 

Back to Top