BUKAZU Search Widget Plugin Vulnerability

MEDIUM (6.4) No Patch (2 days)

Threat Intelligence

Low Risk
EPSS Score: 0.03% chance of exploitation (percentile: 7%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

The BUKAZU Search widget plugin is a WordPress plugin that adds search functionality to a site. Because the plugin does not sufficiently sanitize input or escape output for user-supplied attributes, an attacker can inject arbitrary web scripts into pages; those scripts then execute when the pages are accessed by users with Contributor-level access and above.
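The bug class here is the classic stored cross-site scripting pattern in a WordPress shortcode: an attribute that an author typed into post content is written straight into HTML. The following is an added illustration, not the BUKAZU plugin's own code; the `[search_box]` shortcode and its `placeholder` attribute are hypothetical, and the functions called (`shortcode_atts`, `sanitize_text_field`, `esc_attr`) are real WordPress APIs that exist only when the file is loaded inside WordPress.

```php
<?php
// Added example (hypothetical shortcode, not the BUKAZU plugin's code): the same handler
// written the vulnerable way and the hardened way.

// VULNERABLE PATTERN: the attribute value is concatenated into markup untouched.
// Anyone allowed to write post content (Contributor and above) controls $atts['placeholder'];
// a quote character in that value terminates the placeholder attribute, and whatever follows
// it becomes further attributes or markup in the rendered page, for every visitor who loads it.
function example_search_box_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'placeholder' => 'Search...' ), $atts, 'search_box' );
    return '<input type="text" placeholder="' . $atts['placeholder'] . '">';
}

// HARDENED PATTERN: sanitize on input, escape on output, using the escaper for the
// context the value lands in (here an HTML attribute).
function example_search_box_safe( $atts ) {
    $atts = shortcode_atts( array( 'placeholder' => 'Search...' ), $atts, 'search_box' );

    // sanitize_text_field() strips tags, line breaks and control characters from the
    // value before it is used at all (input sanitization).
    $placeholder = sanitize_text_field( $atts['placeholder'] );

    // esc_attr() HTML-encodes quotes, ampersands and angle brackets so the value can
    // never close the attribute or the tag (output escaping). This is the step that
    // actually prevents the XSS; the sanitization above is defense in depth.
    return '<input type="text" placeholder="' . esc_attr( $placeholder ) . '">';
}

// Wiring the hardened handler up, as a plugin would (hypothetical shortcode name):
add_shortcode( 'search_box', 'example_search_box_safe' );
```

The escaper must match the sink: `esc_attr()` for attribute values, `esc_html()` for text between tags, `esc_url()` for `href`/`src`, and `wp_kses_post()` when a limited subset of HTML is intentionally allowed. When reviewing a plugin for this class of bug, look for every place an attribute from `shortcode_atts()` or a request parameter reaches an `echo` or string concatenation without one of those calls directly around it.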

Am I affected?

You're affected if you use the BUKAZU Search widget plugin. Specific version information is not stated in the advisory.

Affected Products

WordPress / BUKAZU Search widget plugin

How to fix

To fix the vulnerability, update to BUKAZU Search widget plugin version 3.3.2 or later. If you can't upgrade immediately:

  1. Immediately restrict network access to your WordPress installation (firewall it from the public internet).
  2. Audit admin account activity for suspicious access patterns.
  3. Monitor for unauthorized token creation.

You can download the patched version from the official WordPress plugin repository: https://plugins.trac.wordpress.org/browser/bukazu-search-widget/tags/3.3.2/
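To confirm whether an installation has reached the fixed release before relying on the workarounds above, compare the installed plugin version with 3.3.2. The script below is an added helper, not part of the advisory or the plugin; it assumes the plugin lives under the standard slug directory `wp-content/plugins/bukazu-search-widget` (slug taken from the download URL above) and, as for every WordPress plugin, that its main file carries a `Version:` header comment. It runs from the command line without loading WordPress.

```php
<?php
// Added helper (not from the advisory or the plugin): report whether an installed copy
// of the plugin predates the fixed release named above.

const FIXED_VERSION = '3.3.2';

// Read the "Version:" plugin header from the first PHP file in $plugin_dir that has one.
// The regex mirrors the one WordPress itself uses when reading plugin file headers.
function bukazu_installed_version( string $plugin_dir ): ?string {
    foreach ( glob( rtrim( $plugin_dir, '/' ) . '/*.php' ) ?: array() as $file ) {
        // WordPress only reads the first 8 KB of a file when looking for headers.
        $head = file_get_contents( $file, false, null, 0, 8192 );
        if ( $head !== false && preg_match( '/^[ \t\/*#@]*Version:\s*(\S+)/mi', $head, $m ) ) {
            return $m[1];
        }
    }
    return null; // directory missing or no header found
}

// True when the installed version is older than the first fixed version.
function bukazu_is_vulnerable_version( string $installed ): bool {
    return version_compare( $installed, FIXED_VERSION, '<' );
}

// Assumed default path; pass the real plugin directory as the first argument.
$dir = $argv[1] ?? '/var/www/html/wp-content/plugins/bukazu-search-widget';
$installed = bukazu_installed_version( $dir );

if ( $installed === null ) {
    echo "No plugin with a Version header found under $dir\n";
} elseif ( bukazu_is_vulnerable_version( $installed ) ) {
    echo "Installed version $installed is older than " . FIXED_VERSION . ": update the plugin.\n";
} else {
    echo "Installed version $installed is at or past " . FIXED_VERSION . ".\n";
}
```

On a host where WP-CLI is available, `wp plugin get bukazu-search-widget --field=version` gives the same answer, and `wp plugin update bukazu-search-widget` applies the fix; the script is useful where WP-CLI is absent or where you are checking a copied `wp-content` tree offline.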