Searchplus
Monthly
Unauthenticated token manipulation in the SearchPlus WordPress plugin (versions up to and including 1.7.1) allows any remote visitor to overwrite or delete the plugin's stored API credentials by invoking two unprotected AJAX callbacks. Both searchplus_save_token_action_callback() and searchplus_reset_token_action_callback() are registered via wp_ajax_nopriv_ hooks and lack both capability checks and nonce validation, making them freely accessible without authentication. No public exploit or active exploitation has been identified at time of analysis, and real-world impact is limited to disruption of the plugin's search functionality or substitution of attacker-controlled account tokens.
Unauthenticated token manipulation in the SearchPlus WordPress plugin (versions up to and including 1.7.1) allows any remote visitor to overwrite or delete the plugin's stored API credentials by invoking two unprotected AJAX callbacks. Both searchplus_save_token_action_callback() and searchplus_reset_token_action_callback() are registered via wp_ajax_nopriv_ hooks and lack both capability checks and nonce validation, making them freely accessible without authentication. No public exploit or active exploitation has been identified at time of analysis, and real-world impact is limited to disruption of the plugin's search functionality or substitution of attacker-controlled account tokens.