SearchWP Live Ajax Search <= 1.6.1 is vulnerable to Unauthenticated Arbitrary Post Title Disclosure

Unauthenticated

Published: 2022-07-24

The SearchWP Live Ajax Search plugin for WordPress is vulnerable to arbitrary post title disclosure in versions up to, and including, 1.6.1. This is due to insufficient checking of a post's status before displaying it to a user. This makes it possible for unauthenticated attackers to view post titles even when the posts are not in a 'publish' state.

CVSS

Score: 5.3

Severity: Medium

Version: 1.6.1

There is a patch available in v1.6.2 and we strongly recommend you update to this version as soon as possible.
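
The class of flaw described above (a search path that returns titles without checking post status), modelled as an added example that is not the plugin's code. The `Post` records, function names and the `viewer_can_read` callback are assumptions made for illustration; the statuses are standard WordPress post statuses.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Post:
    id: int
    title: str
    status: str


# Constructed sample data, not taken from any real site.
POSTS = [
    Post(1, "Release notes for spring", "publish"),
    Post(2, "Release plan: unannounced product", "draft"),
    Post(3, "Release checklist (internal)", "private"),
    Post(4, "Release interview, awaiting review", "pending"),
]


def search_titles_unchecked(query, posts):
    """Flawed pattern: matches on the title and never looks at post status."""
    q = query.lower()
    return [p.title for p in posts if q in p.title.lower()]


def search_titles_checked(query, posts, viewer_can_read=lambda post: False):
    """Hardened pattern: a post that is not in 'publish' is returned only
    when the viewer is allowed to read that specific post."""
    q = query.lower()
    return [
        p.title
        for p in posts
        if q in p.title.lower() and (p.status == "publish" or viewer_can_read(p))
    ]


def leaked_titles(search, query, posts):
    """Regression check: titles an anonymous search returns for posts
    that are not in 'publish'. An empty list means nothing is disclosed."""
    hidden = {p.title for p in posts if p.status != "publish"}
    return sorted(hidden & set(search(query, posts)))


if __name__ == "__main__":
    print("unchecked leaks:", leaked_titles(search_titles_unchecked, "release", POSTS))
    print("checked leaks:  ", leaked_titles(search_titles_checked, "release", POSTS))
```

A check shaped like `leaked_titles` is worth keeping as a regression test for any endpoint that answers anonymous requests with post data.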