CVE-2023-7199
Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request
Los complementos Relevanssi de WordPress anterior a 4.22.0 y Relevanssi Premium de WordPress anterior a 2.25.0 permite a cualquier usuario no autenticado leer borradores y publicaciones privadas a través de una solicitud manipulada
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to insufficient limitation of a user controlled key in all versions up to, and including, 4.21.2 (Free) and < 2.25.0 (Premium). This makes it possible for unauthenticated attackers to view private and draft posts that may contain sensitive information.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-01-02 CVE Reserved
- 2024-01-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-08-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-639: Authorization Bypass Through User-Controlled Key
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3 | 2024-08-02 |
URL | Date | SRC |
---|---|---|
https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes | 2024-02-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Relevanssi Search vendor "Relevanssi" | Relevanssi Search vendor "Relevanssi" for product "Relevanssi" | <= 2.25.0 Search vendor "Relevanssi" for product "Relevanssi" and version " <= 2.25.0" | wordpress |
Affected
|