The FiboSearch – AJAX Search for WooCommerce plugin for WordPress is vulnerable to a type of security issue called Stored Cross-Site Scripting (Stored XSS). This affects versions up to and including 1.23.0 of the plugin. This security issue only affects multi-site installations and installations where a certain security setting (unfiltered_html) has been disabled. When this security issue is present, authenticated attackers with administrator-level permissions and above can inject arbitrary web scripts into pages. These scripts will then run whenever a user accesses the injected page.