The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Searchiq
Searchiq searchiq |
|
CPEs | cpe:2.3:a:searchiq:searchiq:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Searchiq
Searchiq searchiq |
Wed, 04 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 04 Dec 2024 04:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
Title | SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-04T03:37:40.590Z
Updated: 2024-12-04T21:05:14.831Z
Reserved: 2024-11-05T16:56:05.672Z
Link: CVE-2024-10885

Updated: 2024-12-04T20:11:01.469Z

Status : Analyzed
Published: 2024-12-04T04:15:04.133
Modified: 2025-06-05T15:50:23.097
Link: CVE-2024-10885

No data.