84 matches found
CVE-2024-1380 Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...
CVE-2024-1380 Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...
WordPress Plugin Relevanssi Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-7199
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...
CVE-2023-7199 Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...
Relevanssi - Subscriber+ Unauthorised AJAX Calls
The plugins do not have authorisation and CSRF checks in some of their AJAX actions, allowing any authenticated users, such as subscriber, to call them. This could disclose information to subscribers, as well as allow them to truncate the index, which will disable the search PoC...
Cross-site Scripting (XSS) - Stored in msaari/relevanssi
Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to t...
Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape user searches before outputting them in the related admin dashboard when the feature is enabled Enable the logging of user query, then was unauthenticated user /?s= The XSS will be triggered when an admin will view the User Searches dashboard at...
WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found in WordPress Relevanssi plugin versions =4.0.4. Attackers can inject arbitrary JavaScript or HTML via the GET parameter. Solution 09.04.2018 - Several sources claim that you need to update to the version 4.1, but we were unable to find this version on...
CVE-2018-9034
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
CVE-2018-9034
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
CVE-2018-9034
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...
CVE-2018-9034
CVE-2018-9034 affects the WordPress Relevanssi plugin, specifically version 4.0.4 (and possibly earlier). The vulnerability is a Reflected XSS in lib/interface.php where the GET parameter tab is read and echoed into HTML without proper escaping, allowing an attacker to inject arbitrary JavaScript...
WordPress Relevanssi Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Relevanssi is one of the WordPress search function to enhance the plugin. A cross-site scripting vulnerability...
WordPress Plugin Relevanssi Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, users can set up their own weblogs on servers that support PHP and MySQL databases.Relevanssi plugin is a WordPress search function enhancement plugin. A cross-site scripting vulnerability exists in WordPress plugin Relevanssi...
CVE-2014-9443
Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-9443
The CVE-2014-9443 vulnerability affects the WordPress Relevanssi plugin before 3.3.8, where an XSS flaw allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Root cause is an XSS issue in the plugin’s handling of user-controllable content. Impact reported: potential arb...
CVE-2014-9443
Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...