190 matches found
The vulnerability of the Relevanssi plugin of the WordPress content management system allows attackers to execute cross-site scripting attacks.
The vulnerability of the Relevanssi plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by injecting malicious scripts...
WordPress Relevanssi plugin < 4.23.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Relevanssi versions 4.23.1...
CVE-2024-9021
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...
CVE-2024-9021
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...
CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...
CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...
CVE-2024-9021
CVE-2024-9021 affects the Relevanssi WordPress plugin (prior to 4.23.1). The issue enables Stored XSS when a user with Contributor+ privileges embeds script, potentially enabling account takeover via a backdoor. Public references (NVD, Red Hat, CVE lists) consistently describe the vulnerability a...
WordPress plugin Relevanssi 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS)
Software Relevanssi Type Plugin Vulnerable versions 4.23.1 Fixed in 4.23.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9021 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a86f4b44f13a Credits Krugov Artyom Required...
PT-2024-7486 · WordPress · Relevanssi
Name of the Vulnerable Software and Affected Versions: Relevanssi WordPress plugin versions prior to 4.23.1 Description: The issue allows for Stored XSS attacks by embedding malicious scripts, potentially leading to account takeover. This can be exploited by a remote attacker to perform cross-sit...
CVE-2024-7573
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...
WordPress Relevanssi Live Ajax Search Plugin <= 2.4 is vulnerable to Broken Access Control
Software Relevanssi Live Ajax Search Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7573 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 091b716b5837 Credits scottaglia Required...
PT-2024-38427 · WordPress · Relevanssi Live Ajax Search
Name of the Vulnerable Software and Affected Versions: Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4 Description: The issue is due to insufficient validation of input supplied via POST data in the search function, making it possible for unauthenticated...
CVE-2024-7630
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to...
CVE-2024-7630
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...
CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...
CVE-2024-7630
CVE-2024-7630 affects the WordPress plugin “Relevanssi – A Better Search” up to and including version 4.22.2. The root cause is insufficient restrictions on posts returned by relevanssi_do_query(), enabling unauthenticated attackers to expose potentially sensitive information from password-protec...
CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...