The Ivory Search plugin for WordPress has a security vulnerability that allows attackers with Contributor+ access to inject malicious web scripts into pages. This vulnerability exists in versions up to and including 4.7.1. It is caused by input sanitization and output escaping not being sufficient enough to prevent malicious code from being injected. When a user accesses an injected page, the malicious web script will execute.