Ivory Search WordPress Plugin Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Ivory Search WordPress plugin, affecting versions prior to 5.5.10. The issue arises because the plugin fails to properly sanitize and escape certain settings. This flaw enables high-privilege users, such as administrators, to execute cross-site scripting attacks, even when unfiltered HTML is not permitted.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, log in as an admin user and navigate to the 'Ivory Search' plugin settings. Select an AJAX Search Form to edit. Before saving the form, intercept the POST request using Burp Suite. Add a script payload, such as an 'onmouseover' event, to one of the settings that is not properly sanitized. After saving the form, add the search form shortcode to a post. When the post is viewed, the injected script will execute, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update the Ivory Search WordPress plugin to version 5.5.10 or later.