Filtered by vendor Relevanssi
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-7199 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | N/A | 5.3 MEDIUM |
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request | |||||
CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||
CVE-2018-9034 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. | |||||
CVE-2017-1000038 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site | |||||
CVE-2017-1000225 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | |||||
CVE-2014-9443 | 1 Relevanssi | 1 Relevanssi | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |