Filtered by vendor Relevanssi
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000225 | 1 Relevanssi | 1 Relevanssi | 2024-09-17 | N/A |
| Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | ||||
| CVE-2014-9443 | 1 Relevanssi | 1 Relevanssi | 2024-09-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2024-7573 | 1 Relevanssi | 1 Relevanssi-live-ajax-search | 2024-08-28 | 5.3 Medium |
| The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts. | ||||
| CVE-2024-7630 | 1 Relevanssi | 1 Relevanssi | 2024-08-19 | 5.3 Medium |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts. | ||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-08-06 | 8.8 High |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | ||||
| CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2024-08-05 | N/A |
| WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | ||||
| CVE-2018-9034 | 1 Relevanssi | 1 Relevanssi | 2024-08-05 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | ||||
| CVE-2023-7199 | 1 Relevanssi | 1 Relevanssi | 2024-08-02 | 5.3 Medium |
| The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | ||||
Page 1 of 1.