ByteOS Network

Site Search 360

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-39530

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.03% / 5.98%

7 Day CHG~0.00%

Published-16 Apr, 2025 | 12:45

Updated-16 Apr, 2025 | 13:25

WordPress Site Search 360 plugin <= 2.1.7 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dsky Site Search 360 allows Stored XSS. This issue affects Site Search 360: from n/a through 2.1.7.

Vendor-dsky

Product-Site Search 360

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-11780

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.03% / 7.75%

7 Day CHG~0.00%

Published-01 Feb, 2025 | 03:21

Updated-24 Feb, 2025 | 17:26

Site Search 360 <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Site Search 360 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ss360-resultblock' shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-sitesearch360 dsky

Product-site_search_360 Site Search 360

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')