Stored XSS Vulnerability in Ivory Search Plugin for WordPress
CVE-2026-11356

4.4MEDIUM

What is CVE-2026-11356?

The Ivory Search – WordPress Search Plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows authenticated users, particularly those with administrator-level access, to inject malicious web scripts through the 'menu_title' and 'menu_magnifier_color' settings. Consequently, these scripts can execute automatically when a user accesses an affected page, potentially compromising user data and the integrity of the website.

Affected Version(s)

Ivory Search – WordPress Search Plugin 0 <= 5.5.15

References

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Meher Sudhakar Abbireddi
.