Report
The SearchWP Live Ajax Search plugin for WordPress is vulnerable to Directory Traversal via the 'swpengine' parameter used by the 'searchwp_live_search' AJAX action in versions up to, and including, 1.6.2. This allows unauthenticated attackers to include and execute arbitrary local PHP files.
Score:6.8
Severity:Medium
Version: 1.6.2
There is a patch available in v1.6.3 and we strongly recommend you update to this version as soon as possible.
