Lucene search
K

84 matches found

NVD
NVD
added 2025/05/07 3:15 a.m.16 views

CVE-2025-4054

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 Free and = 2.27.4 Premium, due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/05/07 2:23 a.m.6 views

CVE-2025-4054 Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 Free and = 2.27.4 Premium, due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS7.5AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/05/07 2:23 a.m.24 views

CVE-2025-4054 Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 Free and = 2.27.4 Premium, due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.9 views

PT-2025-19914

Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.24.3 Description The issue is related to Stored Cross-Site Scripting via the highlights functionality due to insufficient input sanitization and output escaping...

6.1CVSS8.8AI score0.00372EPSS
Exploits0References10
BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.11 views

The vulnerability of the Relevanssi plugin of the WordPress content management system allows attackers to execute cross-site scripting attacks.

The vulnerability of the Relevanssi plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by injecting malicious scripts...

5.5CVSS5.2AI score0.00414EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/08 6:15 a.m.3 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

5.4CVSS5.8AI score0.00414EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/08 6:0 a.m.26 views

CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

0.00414EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.3 views

WordPress plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6AI score0.00414EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.16 views

WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Relevanssi Type Plugin Vulnerable versions 4.23.1 Fixed in 4.23.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9021 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a86f4b44f13a Credits Krugov Artyom Required...

5.4CVSS5.8AI score0.00414EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.6 views

PT-2024-7486 · WordPress · Relevanssi

Name of the Vulnerable Software and Affected Versions: Relevanssi WordPress plugin versions prior to 4.23.1 Description: The issue allows for Stored XSS attacks by embedding malicious scripts, potentially leading to account takeover. This can be exploited by a remote attacker to perform cross-sit...

5.5CVSS5.2AI score0.00414EPSS
Exploits1References10
CVE
CVE
added 2024/08/16 1:59 a.m.52 views

CVE-2024-7630

CVE-2024-7630 affects the WordPress plugin “Relevanssi – A Better Search” up to and including version 4.22.2. The root cause is insufficient restrictions on posts returned by relevanssi_do_query(), enabling unauthenticated attackers to expose potentially sensitive information from password-protec...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/16 1:59 a.m.28 views

CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...

5.3CVSS0.00478EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/16 1:31 a.m.6 views

WordPress Relevanssi plugin <= 4.22.2 - Unauthenticated Information Exposure vulnerability

Unauthenticated Information Exposure vulnerability discovered by stealthcopter in WordPress Plugin Relevanssi versions = 4.22.2...

7.5CVSS7AI score0.00478EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.15 views

CVE-2024-3213

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...

5.3CVSS5.3AI score0.0081EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.32 views

CVE-2024-3214 Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection

The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...

5.8CVSS6.3AI score0.00769EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.4 views

WordPress Plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS8.6AI score0.00769EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/09 12:0 a.m.5 views

WordPress Plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.2CVSS8.2AI score0.0081EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/04/05 12:43 a.m.4 views

WordPress Relevanssi plugin <= 4.22.1 - Unauthenticated Second Order CSV Injection vulnerability

Unauthenticated Second Order CSV Injection vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi versions = 4.22.1...

9.8CVSS7.3AI score0.00769EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/13 4:15 p.m.7 views

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

5.3CVSS7.3AI score0.50192EPSS
Exploits0References2
Prion
Prion
added 2024/03/13 4:15 p.m.25 views

Authorization

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

5CVSS7.2AI score0.50192EPSS
Exploits0References2
Rows per page
Query Builder