Lucene search

[email protected]NVD:CVE-2023-7199

HistoryJan 29, 2024 - 3:15 p.m.

CVE-2023-7199

2024-01-2915:15:09

CWE-639

[email protected]

web.nvd.nist.gov

relevanssi

wordpress

security vulnerability

unauthorized access

draft posts

private posts

crafted request

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.3%

JSON

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

Affected configurations

Nvd

Node

relevanssirelevanssiRange≤2.25.0wordpress

VendorProductVersionCPE
relevanssirelevanssi*cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
relevanssi	relevanssi	*	cpe:2.3:a:relevanssi:relevanssi::::::wordpress::*

References

wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/

www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

20.3%

JSON

Related for NVD:CVE-2023-7199

cve1 wpvulndb1 cvelist1 wpexploit1 prion1