Lucene search
K

84 matches found

Vulnrichment
Vulnrichment
added 2025/05/31 3:26 a.m.4 views

CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 Free and 2.27.6 Premium due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

4.7CVSS4.6AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2025/05/31 3:26 a.m.55 views

CVE-2025-5016

CVE-2025-5016 affects Relevanssi – A Better Search for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw via the Excerpt Highlights feature in all versions up to 4.24.5 (Free) and 2.27.6 (Premium), caused by insufficient input sanitization and output escaping. Result: unauthentic...

4.7CVSS4.5AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/31 3:26 a.m.30 views

CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 Free and 2.27.6 Premium due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

4.7CVSS0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/31 12:0 a.m.6 views

WordPress plugin Relevanssi 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.7CVSS5.7AI score0.00197EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/31 12:0 a.m.5 views

PT-2025-23367 · WordPress · Relevanssi

Name of the Vulnerable Software and Affected Versions: Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.24.5 Free and 2.27.6 Premium Description: The issue is related to Stored Cross-Site Scripting via the Excerpt Highlights due to insufficient input sanitization...

4.7CVSS5.9AI score0.00197EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:11 a.m.4 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

8.2CVSS6.9AI score0.0081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.11 views

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...

5.3CVSS6.7AI score0.50192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:51 a.m.5 views

CVE-2024-7573

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...

5.3CVSS6.8AI score0.00382EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.10 views

CVE-2024-7630

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:21 a.m.5 views

CVE-2024-3214

The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...

9.8CVSS7.8AI score0.00769EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:13 a.m.13 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

5.4CVSS5.7AI score0.00414EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:46 p.m.8 views

CVE-2014-9443

Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01601EPSS
Exploits0References1
NVD
NVD
added 2025/05/13 4:16 a.m.30 views

CVE-2025-4396

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS0.02626EPSS
Exploits2References5
Vulnrichment
Vulnrichment
added 2025/05/13 3:21 a.m.7 views

CVE-2025-4396 Relevanssi <= 4.24.4 (Free) and <= 2.27.4 (Premium) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS7.7AI score0.02626EPSS
Exploits2References5
CVE
CVE
added 2025/05/13 3:21 a.m.130 views

CVE-2025-4396

The CVE-2025-4396 entry documents an unauthenticated, time-based SQL Injection in the Relevanssi – A Better Search WordPress plugin via the cats and tags parameters. Affected versions include all up to 4.24.4 (Free) and up to 2.27.5 (Premium); the root cause is insufficient escaping/processing of...

7.5CVSS7.2AI score0.02626EPSS
In wildExploits2References5
Cvelist
Cvelist
added 2025/05/13 3:21 a.m.49 views

CVE-2025-4396 Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS0.02626EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.9 views

PT-2025-20826

Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions 4.24.4 and earlier Free and versions 2.27.4 and earlier Premium Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats...

7.5CVSS7.4AI score0.02626EPSS
Exploits2References11
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.7 views

WordPress plugin Relevanssi SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.5CVSS7.8AI score0.02626EPSS
Exploits2References5
Patchstack
Patchstack
added 2025/05/12 8:35 p.m.14 views

WordPress Relevanssi plugin <= 4.24.4 - Unauthenticated SQL Injection

Unauthenticated SQL Injection vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.4...

7.5CVSS8.9AI score0.02626EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/09 3:13 a.m.7 views

CVE-2025-4054

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 Free and = 2.27.4 Premium, due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS7.4AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder