Lucene search
K

84 matches found

Cvelist
Cvelist
added 2024/03/13 3:26 p.m.33 views

CVE-2024-1380 Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...

5.3CVSS5.3AI score0.50192EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.14 views

CVE-2024-1380 Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...

5.3CVSS6.7AI score0.50192EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

WordPress Plugin Relevanssi Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.6AI score0.50192EPSS
Exploits0References3
OSV
OSV
added 2024/01/29 3:15 p.m.5 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

5.3CVSS5.8AI score0.00616EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.6 views

CVE-2023-7199 Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request...

6.9AI score0.00616EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/02/15 12:0 a.m.17 views

Relevanssi - Subscriber+ Unauthorised AJAX Calls

The plugins do not have authorisation and CSRF checks in some of their AJAX actions, allowing any authenticated users, such as subscriber, to call them. This could disclose information to subscribers, as well as allow them to truncate the index, which will disable the search PoC...

1.6AI score
Exploits0References2Affected Software2
Huntr
Huntr
added 2021/10/19 12:57 a.m.11 views

Cross-site Scripting (XSS) - Stored in msaari/relevanssi

Description Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for Wordpress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to t...

5.9AI score
Exploits0References1
wpexploit
wpexploit
added 2021/10/19 12:0 a.m.42 views

Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape user searches before outputting them in the related admin dashboard when the feature is enabled Enable the logging of user query, then was unauthenticated user /?s= The XSS will be triggered when an admin will view the User Searches dashboard at...

7.1AI score
Exploits0References1
Patchstack
Patchstack
added 2018/04/09 12:0 a.m.19 views

WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Relevanssi plugin versions =4.0.4. Attackers can inject arbitrary JavaScript or HTML via the GET parameter. Solution 09.04.2018 - Several sources claim that you need to update to the version 4.1, but we were unable to find this version on...

5.4CVSS1.9AI score0.02009EPSS
Exploits5Affected Software1
NVD
NVD
added 2018/04/04 7:29 p.m.26 views

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

5.4CVSS5.5AI score0.02009EPSS
Exploits5References1
OSV
OSV
added 2018/04/04 7:29 p.m.7 views

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

5.4CVSS5.9AI score0.02009EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2018/04/04 7:29 p.m.5 views

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

5.4CVSS5.7AI score0.02009EPSS
Exploits5References2
Prion
Prion
added 2018/04/04 7:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

3.5CVSS5.4AI score0.02009EPSS
Exploits5References1Affected Software1
CVE
CVE
added 2018/04/04 7:0 p.m.57 views

CVE-2018-9034

CVE-2018-9034 affects the WordPress Relevanssi plugin, specifically version 4.0.4 (and possibly earlier). The vulnerability is a Reflected XSS in lib/interface.php where the GET parameter tab is read and echoed into HTML without proper escaping, allowing an attacker to inject arbitrary JavaScript...

5.4CVSS5.4AI score0.02009EPSS
Exploits5References1Affected Software1
CNVD
CNVD
added 2017/09/22 12:0 a.m.5 views

WordPress Relevanssi Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Relevanssi is one of the WordPress search function to enhance the plugin. A cross-site scripting vulnerability...

6.1CVSS6AI score0.0106EPSS
Exploits1References1
CNVD
CNVD
added 2015/01/08 12:0 a.m.3 views

WordPress Plugin Relevanssi Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language, users can set up their own weblogs on servers that support PHP and MySQL databases.Relevanssi plugin is a WordPress search function enhancement plugin. A cross-site scripting vulnerability exists in WordPress plugin Relevanssi...

4.3CVSS5.8AI score0.01601EPSS
Exploits0References1
NVD
NVD
added 2015/01/02 7:59 p.m.21 views

CVE-2014-9443

Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.8AI score0.01601EPSS
Exploits0References2
Prion
Prion
added 2015/01/02 7:59 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.2AI score0.01601EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/01/02 7:0 p.m.46 views

CVE-2014-9443

The CVE-2014-9443 vulnerability affects the WordPress Relevanssi plugin before 3.3.8, where an XSS flaw allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Root cause is an XSS issue in the plugin’s handling of user-controllable content. Impact reported: potential arb...

4.3CVSS5.9AI score0.01601EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/01/02 7:0 p.m.23 views

CVE-2014-9443

Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.8AI score0.01601EPSS
Exploits0References2
Rows per page
Query Builder