Vulnerabilities > Relevanssi > Relevanssi > 2.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-29 | CVE-2023-7199 | Authorization Bypass Through User-Controlled Key vulnerability in Relevanssi The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | 5.3 |
2018-04-04 | CVE-2018-9034 | Cross-site Scripting vulnerability in Relevanssi Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | 3.5 |