CVE-2022-2535
Published: 15 August 2022
Summary
CVE-2022-2535 is a medium-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in the SearchWP Live Ajax Search WordPress plugin (vendor SearchWP). Its CVSS base score is 5.3 (Medium).
Operationally, it is ranked in the top 4.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The SearchWP Live Ajax Search WordPress plugin before version 1.6.2 contains an authorization bypass vulnerability tracked as CVE-2022-2535 and classified as CWE-639. The component fails to restrict live search queries to published posts, exposing the titles and permalinks of private, draft, or pending content. The issue carries a CVSS 3.1 score of 5.3, reflecting network-accessible information disclosure that requires neither authentication nor user interaction.
Unauthenticated attackers can submit crafted search requests to the affected Ajax endpoint and retrieve metadata that should remain restricted. Successful exploitation has a limited confidentiality impact: it surfaces internal post titles and direct links that would otherwise require elevated privileges to view.
The referenced WPScan advisory at https://wpscan.com/vulnerability/0e13c375-044c-4c2e-ab8e-48cb89d90d02 documents the flaw and confirms that a fix is available in plugin release 1.6.2. The EPSS score peaked at 0.1841 and has remained flat, with no material increase observed after disclosure.
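The root cause described above is a search handler that forwards a user-supplied term to the database without constraining post status, so the unauthenticated (`nopriv`) Ajax path returns whatever the query matches. The following WordPress handler is an added illustration of the fix pattern, not the SearchWP plugin's own code or its actual patch; the action name `example_live_search` and the `q` parameter are hypothetical placeholders.

```php
<?php
// Added illustration (not SearchWP's code): a minimal WordPress live-search
// Ajax handler that restricts results to content the caller may see.
// 'example_live_search' and the 'q' query parameter are hypothetical names.

add_action( 'wp_ajax_nopriv_example_live_search', 'example_live_search_handler' );
add_action( 'wp_ajax_example_live_search', 'example_live_search_handler' );

function example_live_search_handler() {
    $term = isset( $_GET['q'] ) ? sanitize_text_field( wp_unslash( $_GET['q'] ) ) : '';
    if ( '' === $term ) {
        wp_send_json( array() );
    }

    $args = array(
        's'              => $term,
        'post_type'      => 'post',
        'posts_per_page' => 10,
        'no_found_rows'  => true,
    );

    // Weak pattern (the CWE-639 failure mode): omitting 'post_status' lets
    // WP_Query match private, draft and pending posts for anyone who can
    // reach the nopriv endpoint, leaking their titles and permalinks.
    //
    // Hardened pattern: default to published content only, and widen the
    // status set solely for users whose capabilities already let them view
    // unpublished posts in the admin. 'edit_others_posts' is a conservative
    // gate (editors and administrators); adjust to the site's role model.
    $args['post_status'] = 'publish';
    if ( is_user_logged_in() && current_user_can( 'edit_others_posts' ) ) {
        $args['post_status'] = array( 'publish', 'private', 'draft', 'pending' );
    }

    $query   = new WP_Query( $args );
    $results = array();
    foreach ( $query->posts as $post ) {
        $results[] = array(
            'title' => get_the_title( $post ),
            'link'  => get_permalink( $post ),
        );
    }
    wp_send_json( $results );
}
```

The key property is that the status filter is decided server-side from the caller's capabilities, never from anything in the request; a quick audit check for similar plugins is to grep their `wp_ajax_nopriv_` handlers for a `WP_Query` or direct SQL search that sets no `post_status`.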
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-34789
Vulnerability details
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalinks.
- CWE(s): CWE-639 (Authorization Bypass Through User-Controlled Key)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
SearchWP Live Ajax Search WordPress plugin, versions before 1.6.2.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.