Vulnerabilities > Relevanssi

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-7199 Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request
network
low complexity
relevanssi CWE-639
5.3
5.3
2019-09-13 CVE-2016-10949 SQL Injection vulnerability in Relevanssi
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.
network
relevanssi CWE-89
6.8
6.8
2018-04-04 CVE-2018-9034 Cross-site Scripting vulnerability in Relevanssi
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.
network
relevanssi CWE-79
3.5
3.5
2017-11-17 CVE-2017-1000225 Cross-site Scripting vulnerability in Relevanssi 1.14.8
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can
network
relevanssi CWE-79
4.3
4.3
2017-07-17 CVE-2017-1000038 Cross-site Scripting vulnerability in Relevanssi 3.5.7.1
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
network
relevanssi CWE-79
4.3
4.3
2015-01-02 CVE-2014-9443 Cross-site Scripting vulnerability in Relevanssi 3.3.7.1
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
relevanssi CWE-79
4.3
4.3