The Ivory Search plugin for WordPress is vulnerable to a security flaw which allows attackers to inject malicious web scripts in pages. This security flaw exists in all versions up to and including 5.4.6, and is caused by the plugin not properly sanitizing and escaping user input. If an attacker can successfully get a user to click on a link, these malicious scripts will be executed.