Elasticpress Security Vulnerabilities and Issues — Elasticpress CVE List

Lucene search

10upElasticpress

3 matches found

CVE•added 2024/06/04 11:15 a.m.•70 views

CVE-2023-48753

Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1.

5.3CVSS5.3AI score0.00112EPSS

CVE•added 2024/06/08 3:15 p.m.•48 views

CVE-2024-35684

Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress.This issue affects ElasticPress: from n/a through 5.1.1.

4.3CVSS5AI score0.00121EPSS

CVE•added 2023/07/01 6:15 a.m.•43 views

CVE-2021-4405

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed param...

4.3CVSS4.2AI score0.00166EPSS