The WP Fast Total Search plugin for WordPress has a security vulnerability that allows attackers to inject harmful code through the WPFTS Live Search widget. This can happen in versions up to and including 1.59.211 because the plugin does not properly clean and protect user input. Attackers with contributor-level access or higher can take advantage of this vulnerability to insert malicious code into pages, which will then run whenever a user visits the affected page.
Input validation vulnerability in WP Fast Total Search – The Power of Indexed Search 1.59.211
- Severity: medium-risk
- Status: Fixed
- Publication: March 25, 2024
Detected in:
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
- Incorrect?
Is this information incorrect? Please leave us a message.