The Ivory Search – WordPress Search Plugin is vulnerable to a security flaw called Reflected Cross-Site Scripting in versions up to and including 4.5.10. This flaw happens when malicious code is inserted into webpages and can be activated if a user clicks on a link. Unsanitized input and lack of output escaping make this possible.