Lucene search
+L

190 matches found

BDU FSTEC
BDU FSTEC
added 2024/11/01 12:0 a.m.15 views

The vulnerability of the Relevanssi plugin of the WordPress content management system allows attackers to execute cross-site scripting attacks.

The vulnerability of the Relevanssi plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by injecting malicious scripts...

5.5CVSS5.2AI score0.00426EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/10/08 8:19 a.m.6 views

WordPress Relevanssi plugin < 4.23.1 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Relevanssi versions 4.23.1...

5.4CVSS6.1AI score0.00426EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/10/08 6:15 a.m.5 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

5.4CVSS5.8AI score0.00426EPSS
Exploits1References1
NVD
NVD
added 2024/10/08 6:15 a.m.18 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

5.4CVSS0.00426EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/08 6:0 a.m.28 views

CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

0.00426EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/08 6:0 a.m.11 views

CVE-2024-9021 Relevanssi < 4.23.1 - Contributor+ Stored XSS

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...

5.2AI score0.00426EPSS
Exploits1References1
CVE
CVE
added 2024/10/08 6:0 a.m.53 views

CVE-2024-9021

CVE-2024-9021 affects the Relevanssi WordPress plugin (prior to 4.23.1). The issue enables Stored XSS when a user with Contributor+ privileges embeds script, potentially enabling account takeover via a backdoor. Public references (NVD, Red Hat, CVE lists) consistently describe the vulnerability a...

5.4CVSS5.6AI score0.00426EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.4 views

WordPress plugin Relevanssi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6AI score0.00426EPSS
Exploits1References2
Patchstack
Patchstack
added 2024/10/08 12:0 a.m.16 views

WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS)

Software Relevanssi Type Plugin Vulnerable versions 4.23.1 Fixed in 4.23.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9021 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a86f4b44f13a Credits Krugov Artyom Required...

5.4CVSS5.8AI score0.00426EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.6 views

PT-2024-7486 · WordPress · Relevanssi

Name of the Vulnerable Software and Affected Versions: Relevanssi WordPress plugin versions prior to 4.23.1 Description: The issue allows for Stored XSS attacks by embedding malicious scripts, potentially leading to account takeover. This can be exploited by a remote attacker to perform cross-sit...

5.5CVSS5.2AI score0.00426EPSS
Exploits1References10
NVD
NVD
added 2024/08/28 3:15 a.m.17 views

CVE-2024-7573

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...

5.3CVSS0.00382EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/28 2:5 a.m.21 views

CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...

5.3CVSS0.00382EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/28 2:5 a.m.14 views

CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...

5.3CVSS5.4AI score0.00382EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/28 12:0 a.m.12 views

WordPress Relevanssi Live Ajax Search Plugin <= 2.4 is vulnerable to Broken Access Control

Software Relevanssi Live Ajax Search Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7573 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 091b716b5837 Credits scottaglia Required...

5.3CVSS6.6AI score0.00382EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/27 12:0 a.m.8 views

PT-2024-38427 · WordPress · Relevanssi Live Ajax Search

Name of the Vulnerable Software and Affected Versions: Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4 Description: The issue is due to insufficient validation of input supplied via POST data in the search function, making it possible for unauthenticated...

5.3CVSS6.8AI score0.00382EPSS
Exploits0References8
OSV
OSV
added 2024/08/16 3:15 a.m.8 views

CVE-2024-7630

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to...

7.5CVSS5.8AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 2024/08/16 3:15 a.m.16 views

CVE-2024-7630

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...

7.5CVSS0.00478EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/16 1:59 a.m.21 views

CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...

5.3CVSS5.9AI score0.00478EPSS
Exploits0References2
CVE
CVE
added 2024/08/16 1:59 a.m.53 views

CVE-2024-7630

CVE-2024-7630 affects the WordPress plugin “Relevanssi – A Better Search” up to and including version 4.22.2. The root cause is insufficient restrictions on posts returned by relevanssi_do_query(), enabling unauthenticated attackers to expose potentially sensitive information from password-protec...

7.5CVSS5.9AI score0.00478EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/16 1:59 a.m.32 views

CVE-2024-7630 Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...

5.3CVSS0.00478EPSS
Exploits0References2
Rows per page
Query Builder