CVE-2023-7199

Опубликовано: 29 янв. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

Ссылки

https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/
Exploit
Third Party Advisory
https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/
Patch
https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/
Exploit
Third Party Advisory
https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*

Версия до 2.25.0 (включая)

EPSS

Процентиль: 63%

0.00438

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-f44w-wxhf-f354