Vulnerabilities > Relevanssi

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-08-16 | CVE-2024-7630 | Unspecified vulnerability in Relevanssi | The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() function due to insufficient limitations on the posts that are returned when searching. | network; low complexity; relevanssi; 7.5 |
| 2024-04-09 | CVE-2024-3213 | Missing Authorization vulnerability in Relevanssi | The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. | network; low complexity; relevanssi CWE-862; 8.2 |
| 2024-04-09 | CVE-2024-3214 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Relevanssi | The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. | network; low complexity; relevanssi CWE-1236; critical; 9.8 |
| 2024-01-29 | CVE-2023-7199 | Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi | The Relevanssi WordPress plugin before 4.22.0 and the Relevanssi Premium WordPress plugin before 2.25.0 allow any unauthenticated user to read draft and private posts via a crafted request. | network; low complexity; relevanssi CWE-639; 5.3 |
| 2019-09-13 | CVE-2016-10949 | SQL Injection vulnerability in Relevanssi | The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | network; low complexity; relevanssi CWE-89; 8.8 |
| 2018-04-04 | CVE-2018-9034 | Cross-site Scripting vulnerability in Relevanssi | Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | network; low complexity; relevanssi CWE-79; 5.4 |
| 2017-11-17 | CVE-2017-1000225 | Cross-site Scripting vulnerability in Relevanssi 1.14.8 | Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can. | network; low complexity; relevanssi CWE-79; 6.1 |
| 2017-07-17 | CVE-2017-1000038 | Cross-site Scripting vulnerability in Relevanssi 3.5.7.1 | WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS, resulting in an attacker being able to execute JavaScript on the affected site. | network; low complexity; relevanssi CWE-79; 6.1 |