Relevanssi Security Vulnerabilities and Issues — Relevanssi CVE List

Lucene search

RelevanssiRelevanssi

4 matches found

CVE•added 2024/03/13 4:15 p.m.•47 views

CVE-2024-1380

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query l...

5.3CVSS5.4AI score0.88736EPSS

CVE•added 2018/04/04 7:29 p.m.•41 views

CVE-2018-9034

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.

5.4CVSS5.4AI score0.00143EPSS

CVE•added 2024/01/29 3:15 p.m.•36 views

CVE-2023-7199

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

5.3CVSS5.1AI score0.0021EPSS

CVE•added 2024/10/08 6:15 a.m.•36 views

CVE-2024-9021

In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor

5.4CVSS5.6AI score0.00019EPSS