Cyber Resilience

CVE-2022-2535

Severity: Medium · Public PoC

Published: 15 August 2022

Modified: 21 November 2024
KEV Added: not listed
Patch: available
CVSS v3.1 score: 5.3 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS score: 0.1841 (95.4th percentile)
Risk priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-2535 is a medium-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in the SearchWP Live Ajax Search WordPress plugin (vendor: SearchWP). Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 4.6% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof of concept is referenced.

Deeper analysis

The SearchWP Live Ajax Search WordPress plugin before version 1.6.2 contains an authorization bypass vulnerability tracked as CVE-2022-2535 and classified as CWE-639. The component fails to restrict live search queries to published posts, so the titles and permalinks of private, draft, or pending content can be exposed. The issue carries a CVSS 3.1 score of 5.3, reflecting network-accessible information disclosure that requires neither authentication nor user interaction.

Unauthenticated attackers can submit crafted search requests to the affected Ajax endpoint and retrieve metadata that should remain restricted. Successful exploitation yields limited confidentiality impact by surfacing internal post information and direct links that would otherwise require elevated privileges to view.

The referenced WPScan advisory at https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02 documents the flaw and confirms that a fix is available in plugin release 1.6.2. The EPSS score has held at its peak of 0.1841, with no material increase observed after disclosure.
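To make the CWE-639 shape of this weakness concrete, the following is an added illustrative WordPress AJAX search handler; it is not the SearchWP Live Ajax Search plugin's own code, and the action name "demo_live_search", the request parameters "swpquery" and "post_status", and the "demo_" function names are assumptions. The vulnerable variant lets the client choose which post statuses the query returns, so an anonymous visitor can retrieve draft, pending, or private titles and permalinks; the hardened variant decides the allowed statuses server-side, per request, from the caller's capabilities and ignores anything the client supplies.

```php
<?php
// Added example (not the plugin's code). Hypothetical action name
// "demo_live_search" and parameters "swpquery"/"post_status".

// Vulnerable pattern (CWE-639): a user-controlled key, here the requested
// post_status, drives the authorization decision. With an explicit
// post_status WP_Query does not apply read-capability checks, so an
// unauthenticated caller asking for "draft" or "private" gets those rows.
function demo_live_search_vulnerable() {
    $term   = isset( $_REQUEST['swpquery'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['swpquery'] ) ) : '';
    $status = isset( $_REQUEST['post_status'] ) ? sanitize_key( $_REQUEST['post_status'] ) : 'any';

    $q = new WP_Query( array(
        's'              => $term,
        'post_status'    => $status, // trusted straight from the request
        'posts_per_page' => 10,
    ) );
    wp_send_json( demo_format_results( $q ) );
}

// Hardened form: the server computes the permitted statuses for this
// request; the client's post_status parameter is never consulted.
function demo_live_search_hardened() {
    $term = isset( $_REQUEST['swpquery'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['swpquery'] ) ) : '';

    $q = new WP_Query( array(
        's'              => $term,
        'post_status'    => demo_allowed_statuses(),
        'posts_per_page' => 10,
        'no_found_rows'  => true, // live search needs no pagination count
    ) );
    wp_send_json( demo_format_results( $q ) );
}

// Per-request authorization decision: anonymous visitors and low-privilege
// users see only published posts; users who may edit others' posts are
// additionally allowed to see unpublished items in their results.
function demo_allowed_statuses() {
    $allowed = array( 'publish' );
    if ( is_user_logged_in() && current_user_can( 'edit_others_posts' ) ) {
        $allowed = array_merge( $allowed, array( 'draft', 'pending', 'private' ) );
    }
    return $allowed;
}

// Return only the fields the live-search UI needs (title, permalink, status).
function demo_format_results( WP_Query $q ) {
    $out = array();
    foreach ( $q->posts as $post ) {
        $out[] = array(
            'title'     => get_the_title( $post ),
            'permalink' => get_permalink( $post ),
            'status'    => $post->post_status,
        );
    }
    return $out;
}

// Both the logged-in and the anonymous AJAX hooks point at the hardened
// handler: the status filter, not the hook choice, enforces the restriction.
add_action( 'wp_ajax_demo_live_search',        'demo_live_search_hardened' );
add_action( 'wp_ajax_nopriv_demo_live_search', 'demo_live_search_hardened' );
```

The design point is that the set of visible post statuses is derived from the current user's capabilities on every request rather than from any value the client sends; a regression test for the fix would call the handler as an anonymous user with a term matching a draft post and assert that the response contains only entries whose status is "publish".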


Vulnerability details

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink.

CWE(s)

CWE-639: Authorization Bypass Through User-Controlled Key

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: searchwp
Product: searchwp live ajax search
Versions: ≤ 1.6.2

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Per-request decision making (addresses CWE-639): making the authorization decision on every request, with proper validation in the decision process, makes it harder to bypass authorization through user-controlled keys.

Consistent enforcement of approved authorizations (addresses CWE-639): enforcing approved authorizations consistently makes bypass attempts via user-controlled keys ineffective.
