cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9021,https://securityvulnerability.io/vulnerability/CVE-2024-9021,Relevanssi plugin vulnerability allows Stored XSS attacks,"The Relevanssi WordPress plugin prior to version 4.23.1 is susceptible to a Stored XSS vulnerability, which can be exploited by embedding malicious scripts. This vulnerability enables a Contributor+ user to execute scripts that may lead to unauthorized account access and backdoor creation, posing significant security risks to affected WordPress installations.",Wordpress,Relevanssi,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-10-08T06:00:05.067Z,0
CVE-2024-7573,https://securityvulnerability.io/vulnerability/CVE-2024-7573,Unauthenticated Attackers Can Inject Arbitrary Arguments in Relevanssi Live Ajax Search Plugin,"The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.",Wordpress,Relevanssi Live Ajax Search,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-08-28T02:05:44.057Z,0
CVE-2024-7630,https://securityvulnerability.io/vulnerability/CVE-2024-7630,Unauthorized Access to Password Protected Posts via Search Query,"The Relevanssi – A Better Search plugin for WordPress has a vulnerability that allows for information exposure due to insufficient query limitations in the relevanssi_do_query() function. This flaw affects all versions up to and including 4.22.2, enabling unauthenticated attackers to extract potentially sensitive information from posts that are typically password protected. Organizations using this plugin should assess their exposure and implement necessary safeguards to mitigate unauthorized data access.",Wordpress,Relevanssi – A Better Search,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,false,false,2024-08-16T01:59:56.829Z,0
CVE-2024-3213,https://securityvulnerability.io/vulnerability/CVE-2024-3213,Unauthorized Data Modification Vulnerability in Relevanssi's Better Search Plugin for WordPress,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.",Wordpress,"Relevanssi – A Better Search (pro),Relevanssi – A Better Search",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:30.531Z,0
CVE-2024-3214,https://securityvulnerability.io/vulnerability/CVE-2024-3214,CSV Injection Vulnerability in Relevanssi Plugin for WordPress,"The Relevanssi – A Better Search plugin for WordPress is susceptible to a CSV Injection vulnerability in all versions up to and including 4.22.1. This flaw allows unauthenticated attackers to insert malicious inputs into exported CSV files. When these files are downloaded and opened in a vulnerable local environment, it can lead to unauthorized code execution, posing significant security risks. Users of the affected versions are strongly advised to upgrade to version 4.22.2 or later to mitigate this vulnerability.",Wordpress,"Relevanssi – A Better Search (pro),Relevanssi – A Better Search",9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,false,false,2024-04-09T18:59:07.972Z,0
CVE-2024-1380,https://securityvulnerability.io/vulnerability/CVE-2024-1380,Unauthorized Access to Query Log Data Due to Missing Capability Check,"The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.",Wordpress,Relevanssi – A Better Search,5.3,MEDIUM,0.000590000010561198,false,,false,false,true,true,false,false,2024-03-13T15:26:58.390Z,0
CVE-2023-7199,https://securityvulnerability.io/vulnerability/CVE-2023-7199,"Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure","The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request",Wordpress,"Relevanssi,Relevanssi Premium",5.3,MEDIUM,0.0005799999926239252,false,,false,false,true,true,false,false,2024-01-29T14:44:19.919Z,0
CVE-2016-10949,https://securityvulnerability.io/vulnerability/CVE-2016-10949,,The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.,Wordpress,Relevanssi,8.8,HIGH,0.005520000122487545,false,,false,false,false,,false,false,2019-09-13T12:06:12.000Z,0
CVE-2018-9034,https://securityvulnerability.io/vulnerability/CVE-2018-9034,,Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter.,Wordpress,Relevanssi,5.4,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2018-04-04T19:00:00.000Z,0
CVE-2017-1000038,https://securityvulnerability.io/vulnerability/CVE-2017-1000038,,WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site,Wordpress,Relevanssi,6.1,MEDIUM,0.0012799999676644802,false,,false,false,false,,false,false,2017-07-17T13:18:00.000Z,0
CVE-2014-9443,https://securityvulnerability.io/vulnerability/CVE-2014-9443,,Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.,Wordpress,Relevanssi,,,0.0014299999456852674,false,,false,false,false,,false,false,2015-01-02T19:59:00.000Z,0