Ajax Search Lite <= 4.13.1 - Missing Authorization to Unauthenticated Basic Information Exposure via ASL_Query in AJAX Search Handler (CVE-2025-7956)

CVSS 3.1 score: 5.3 / 10 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Ajax Search Lite plugin for WordPress is vulnerable to Basic Information Exposure due to missing authorization in its AJAX search handler in all versions up to, and including, 4.13.1. This makes it possible for unauthenticated attackers to issue repeated AJAX requests to leak the content of any protected post in rolling 100‑character windows.

Basic Information

ID: CVE-2025-7956
Source: Wordfence
Published: Aug 28, 2025 at 05:24

Affected Product

Vendor: wpdreams
Product: Ajax Search Lite – Live Search & Filter
Version: *
Affected Versions: wpdreams Ajax Search Lite – Live Search & Filter *

CWE Classification

References
