CVE-2025-14298
Published
CVSS v3: 5.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
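The advisory's root cause, unescaped shortcode attributes reaching HTML output, is easiest to see side by side with the fix. The following is an added illustration, not code from FiboSearch, TheGem, or the advisory: a hypothetical shortcode handler with made-up attribute names (`placeholder`, `class`), rendered once without escaping and once with escaping applied at the output point. The `esc_attr_stub()` helper is a stand-in that approximates what WordPress's `esc_attr()` does (HTML-encode both quote styles), so the script runs without WordPress.

```php
<?php
// Added example (not FiboSearch's, TheGem's, or WordPress's own code).
// A hypothetical shortcode handler that builds a search bar from shortcode
// attributes supplied by a post author, shown in the unsafe form the advisory
// describes (values concatenated straight into markup) and in a hardened form
// that escapes each value for the attribute context it lands in.
//
// esc_attr_stub() approximates WordPress's esc_attr(): both quote characters
// are encoded, so a value can never terminate the quoted attribute it sits in.

declare(strict_types=1);

function esc_attr_stub(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Merge caller attributes over defaults and drop unknown keys, mirroring what
// WordPress's shortcode_atts() does (attribute names here are hypothetical).
function merge_atts(array $user_atts): array
{
    $defaults = ['placeholder' => 'Search products...', 'class' => 'search-bar'];
    return array_merge($defaults, array_intersect_key($user_atts, $defaults));
}

// Vulnerable pattern: attribute values are written into HTML unescaped.
// Anyone allowed to place the shortcode controls every value in this string.
function render_search_unsafe(array $user_atts): string
{
    $atts = merge_atts($user_atts);
    return '<input type="search" class="' . $atts['class'] .
           '" placeholder="' . $atts['placeholder'] . '">';
}

// Hardened pattern: escape at the output point, per attribute.
function render_search_safe(array $user_atts): string
{
    $atts = merge_atts($user_atts);
    return '<input type="search" class="' . esc_attr_stub($atts['class']) .
           '" placeholder="' . esc_attr_stub($atts['placeholder']) . '">';
}

// Constructed sample input: a placeholder value that tries to close the
// attribute and start a new one (a test string, not real plugin input).
$sample = ['placeholder' => '" onfocus="alert(1)', 'class' => 'x'];

echo "unsafe: ", render_search_unsafe($sample), PHP_EOL;
echo "safe:   ", render_search_safe($sample), PHP_EOL;
```

In the unsafe rendering the leading double quote ends the `placeholder` attribute and `onfocus` becomes a real event-handler attribute on the element; in the hardened rendering the quote is emitted as `&quot;` and the whole value stays inert attribute text. The defensive rule this demonstrates is the one the advisory names: sanitize on input where a value has a known shape, and always escape on output with the function that matches the context (`esc_attr()` inside attributes, `esc_html()` between tags), regardless of the caller's role.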
<p>The most popular <strong>WooCommerce product search plugin</strong>. It gives your users a well-designed advanced AJAX search bar with live search suggestions.</p>
<p>By default, WooCommerce provides a very simple search solution, without live product search or even SKU search. FiboSearch (formerly Ajax Search for WooCommerce) provides advanced search with live suggestions.</p>
<p>Who doesn’t love instant, as-you-type suggestions? In 2025, customers expect smart product search. Baymard Institute’s latest UX research reveals that search autocomplete, auto-suggest, or an instant search feature <strong>is now offered on 96% of major e-commerce sites</strong>. It’s a must-have feature for every online business that can’t afford to lose customers. Why? FiboSearch helps users save time and makes shopping easier. As a result, Fibo really boosts sales.</p>
<h4>Features</h4>
<p>✅ <strong>Search by product title, long and short description</strong><br />
✅ <strong>Search by SKU</strong><br />
✅ Show <strong>product image</strong> in live search results<br />
✅ Show <strong>product price</strong> in live search results<br />
✅ Show <strong>product description</strong> in live search results<br />
✅ Show <strong>SKU</strong> in live search results<br />
✅ <strong>Mobile first</strong> – special mobile search mode for better UX<br />
✅ <strong>Details panels</strong> with extended information – <strong>“add to cart” button</strong> with a <strong>quantity field</strong> and <strong>extended product</strong> data displayed on hovering over the live suggestion<br />
✅ <strong>Easy implementation</strong> in your theme – embed the plugin using a <strong>shortcode</strong>, as a <strong>menu item</strong> or as a <strong>widget</strong><br />
✅ <strong>Terms search</strong> – search for product categories and tags<br />
✅ <strong>Search history</strong> – the current search history is shown when the user has clicked/tapped on the search bar but hasn’t yet typed a query.<br />
✅ <strong>Limit</strong> displayed suggestions – the number is customizable<br />
✅ <strong>The minimum number of characters</strong> required to display suggestions – the number is customizable<br />
✅ <strong>Better ordering</strong> – a smart algorithm ensures that the displayed results are as accurate as possible<br />
✅ <strong>Support for WooCommerce search results page</strong> – after pressing Enter, users get the same results as in the FiboSearch bar<br />
✅ <strong>Grouping instant search results by type</strong> – displaying e.g. first matching categories, then matching products<br />
✅ <strong>Google Analytics</strong> support<br />
✅ Multilingual support including <strong>WPML</strong>, <strong>Polylang</strong> and <strong>qTranslate-XT</strong><br />
✅ <strong>Personalization</strong> of search bar and autocomplete suggestions – labels, colors, preloader, image and more</p>
<h4>Try the PRO version</h4>
<p>FiboSearch also comes in a Pro version, with a modern, inverted index-based search engine. FiboSearch Pro works up to <strong>10× faster</strong> than the Free version or other popular search solutions for WooCommerce.</p>
<p><a href="https://fibosearch.com/pricing/?utm_source=readme&utm_medium=referral&utm_content=pricing&utm_campaign=asfw" rel="nofollow ugc">Upgrade to PRO and boost your sales!</a></p>
<h4>PRO features</h4>
<p>✅ <strong>Ultra-fast search engine</strong> based on the inverted index – works very fast, even with 100,000+ products<br />
✅ <strong>Fuzzy search</strong> – works even with minor typos<br />
✅ <strong>Search in custom fields</strong> with dedicated support for ACF<br />
✅ <strong>Search in attributes</strong><br />
✅ <strong>Search in categories</strong>. Supports category thumbnails.<br />
✅ <strong>Search in tags</strong><br />
✅ <strong>Search in brands</strong> (We support WooCommerce Brands, Perfect Brands for WooCommerce, Brands for WooCommerce, YITH WooCommerce Brands). Supports brand thumbnails.<br />
✅ <strong>Search by variation product SKU</strong> – also shows variable products in live search after typing in the exact matching SKU<br />
✅ <strong>Search for posts</strong> – also shows matching posts in live search<br />
✅ <strong>Search for pages</strong> – also shows matching posts in live search<br />
✅ <strong>Synonyms</strong><br />
✅ <strong>Conditional exclusion of products</strong><br />
✅ <strong>TranslatePress</strong> compatible<br />
✅ Professional and fast <strong>help with embedding</strong> or replacing the search bar in your theme<br />
✅ and more…<br />
✅ SEE ALL PRO <a href="https://fibosearch.com/pro-vs-free/?utm_source=readme&utm_medium=referral&utm_content=features&utm_campaign=asfw" rel="nofollow ugc">FEATURES</a>!</p>
<h4>Showcase</h4>
<p>See how it works for others: <a href="https://fibosearch.com/showcase/?utm_source=readme&utm_medium=referral&utm_campaign=asfw&utm_content=showcase&utm_gen=utmdc" rel="nofollow ugc">Showcase</a>.</p>
<h4>Feedback</h4>
<p>Any suggestions or comments are welcome. Feel free to contact us via the <a href="https://fibosearch.com/contact/?utm_source=readme&utm_medium=referral&utm_campaign=asfw&utm_content=contact&utm_gen=utmdc" rel="nofollow ugc">contact form</a>.</p>