CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000038 – Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-1000038
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site WordPress plugin Relevanssi versión 3.5.7.1 es vulnerable a ataques de tipo XSS almacenado, resultando en que un atacante sea capaz de ejecutar JavaScript en el sitio afectado. • https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10949 – Relevanssi Premium < 1.14.6.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10949
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. El plugin Relevanssi Premium versiones anteriores a 1.14.6.1 para WordPress, presenta una inyección SQL con una deserialización no segura resultante. • https://advisories.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9443 – Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9443
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el plugin Relevanssi anterior a 3.3.8 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61744 https://wordpress.org/plugins/relevanssi/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •