In Ivory Search plugin for WordPress versions before 5.5.10 a low severity vulnerability CVE-2025-5209 was detected. This vulnerability allows high privilege users, such as administrators, to perform Cross-Site Scripting (XSS) attacks due to insufficient sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed. To address this issue, users should upgrade Ivory Search plugin to versions 5.5.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5209.