Stored XSS Vulnerability in Ivory Search Plugin for WordPress
CVE-2026-11356
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 27 June 2026
What is CVE-2026-11356?
The Ivory Search β WordPress Search Plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows authenticated users, particularly those with administrator-level access, to inject malicious web scripts through the 'menu_title' and 'menu_magnifier_color' settings. Consequently, these scripts can execute automatically when a user accesses an affected page, potentially compromising user data and the integrity of the website.
Affected Version(s)
Ivory Search β WordPress Search Plugin 0 <= 5.5.15