Lucene search

[email protected]NVD:CVE-2023-7199

HistoryJan 29, 2024 - 3:15 p.m.

CVE-2023-7199

2024-01-2915:15:09

CWE-639

[email protected]

web.nvd.nist.gov

relevanssi

wordpress

security vulnerability

unauthorized access

draft posts

private posts

crafted request

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

31.2%

JSON

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

Affected configurations

NVD

Node

relevanssirelevanssiRange≤2.25.0wordpress

References

wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/

www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for NVD:CVE-2023-7199

wpvulndb1 cvelist1 cve1 wpexploit1 prion1