{"id":6850,"date":"2025-06-14T04:06:55","date_gmt":"2025-06-14T04:06:55","guid":{"rendered":"http:\/\/localhost\/?p=6850"},"modified":"2025-06-14T04:06:55","modified_gmt":"2025-06-14T04:06:55","slug":"xisearch-bar-26-cross-site-request-forgery-to-stored-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6850","title":{"rendered":"XiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nXiSearch bar <= 2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-14T08:23:27.045Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\ndmitry78<\/td>\n<\/tr>\n
Product<\/th>\nXiSearch bar<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n6.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe XiSearch bar plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 2.6, allowing unauthenticated attackers to update settings and inject malicious scripts if they can trick an administrator into performing an action like clicking a link.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
Product<\/th>\nXiSearch bar<\/td>\n<\/tr>\n
Affected Version<\/th>\n<= 2.6<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n