PT-2024-15224 · WordPress · Relevanssi Premium+1

Krzysztof Zając

Published

2024-01-29

Updated

2024-02-03

CVE-2023-7199

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Relevanssi WordPress plugin versions prior to 4.22.0 Relevanssi Premium WordPress plugin versions prior to 2.25.0

Description The issue allows any unauthenticated user to read draft and private posts via a crafted request.

Recommendations For Relevanssi WordPress plugin versions prior to 4.22.0, update to version 4.22.0 or later. For Relevanssi Premium WordPress plugin versions prior to 2.25.0, update to version 2.25.0 or later.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2023-7199

Affected Products

Relevanssi

Relevanssi Premium

PT-2024-15224 · WordPress · Relevanssi Premium+1

CVE-2023-7199

Weakness Enumeration

Related Identifiers

Affected Products

References · 4