Ivory Search – WordPress Search Plugin

Vulnerabilities 23Slug add-search-to-menuLatest version 5.5.14WordPress.org →

Minimum safe version

5.5.14

Update to 5.5.14 or later to address 23 fixable vulnerabilities

Latest available5.5.14 ✓

Medium 6.1

2026-05-01< 5.5.9

CVE-2024-13362

CVE Wordfence

N/A

2026-01-27< 5.5.14

Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters

Wordfence CVE

Medium 5.3

2025-12-09< 5.5.13

CVE-2025-63069

CVE Wordfence

Medium 4.8

2025-06-17< 5.5.10

WordPress Ivory Search Plugin < 5.5.10 is vulnerable to Cross Site Scripting (XSS)

Patchstack Wordfence CVE

Medium 6.3

2024-10-16< 5.4.4

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE

Medium 5.3

2024-09-05< 5.5.7

CVE-2024-6835

CVE Patchstack Wordfence

Medium 4.3

2024-05-02< 5.5.6

CVE-2024-3233

CVE Patchstack Wordfence

N/A

2023-07-18< 5.5.2

WordPress Ivory Search Plugin < 5.5.2 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2021-02-01< 4.5.11

Ivory Search – WordPress Search Plugin <= 4.5.10 - Reflected Cross-Site Scripting

Wordfence

N/A

2021-11-02< 4.8

Ivory Search <= 4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Wordfence

N/A

2022-03-04< 5.4.4

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence

N/A

2022-07-04< 5.4.7

Ivory Search <= 5.4.6 - Reflected Cross-Site Scripting

Wordfence

N/A

< 4.5.11

Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)

WPScan

N/A

< 4.8

Ivory Search < 4.8 - Contributor+ Stored Cross-Site Scripting

WPScan

N/A

< 5.4.7

Ivory Search < 5.4.7 - Reflected Cross-Site Scripting

WPScan

N/A

2022-07-04< 5.4.7

WordPress Ivory Search plugin <= 5.4.6 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2021-02-01< 4.5.11

WordPress Ivory Search plugin <= 4.5.10 - Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2021-11-02< 4.7.1

WordPress Ivory Search plugin <= 4.7 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-02-28< 5.4.4

WordPress Ivory Search plugin < 5.4.4 - Sensitive Information Disclosure vulnerability

Patchstack

N/A

2022-02-28< 5.4.4

WordPress Ivory Search plugin < 5.4.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack

Medium 6.1

2021-04-22< 4.6.1

CVE-2021-24234

CVE Patchstack Wordfence WPScan

Medium 4.8

2021-10-21< 5.4.4

CVE-2021-36869

CVE Patchstack Wordfence WPScan

Medium 4.8

2025-10-03< 5.4.4

CVE-2021-25105

EUVD CVE Patchstack Wordfence WPScan