Basic Information Exposure in Ajax Search Lite Plugin for WordPress
CVE-2025-7956

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Ajax Search Lite – Live Search & Filter
Vendor: CVE Published:; 28 August 2025

What is CVE-2025-7956?

The Ajax Search Lite plugin for WordPress is susceptible to Basic Information Exposure due to a lack of proper authorization in its AJAX search handler. This vulnerability affects all versions up to and including 4.13.1. As a result, unauthenticated attackers can exploit this weakness by sending repeated AJAX requests, potentially exposing the content of protected posts in segments of 100-character windows, thus compromising the confidentiality of sensitive information.

Affected Version(s)

Ajax Search Lite – Live Search & Filter * <= 4.13.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/ajax-search-lite/#developers

https://plugins.trac.wordpress.org/browser/ajax-search-li...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2025
Vulnerability Reserved
Jul 21, 2025

Credit

Matthew Rollings