CVE-2023-7199

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 36.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Unknown RelevanssiUnknown Relevanssi PremiumRelevanssi Relevanssi
Timeline
PublishedJan 29

Description

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5unknown/relevanssi_premium< 2.25.0
CVEListV5unknown/relevanssi< 4.22.0

Patches

Patch: www.relevanssi.comPatch: www.relevanssi.com

🔴Vulnerability Details

2
GHSA
GHSA-f44w-wxhf-f354: The Relevanssi WordPress plugin before 42024-01-29
CVEList
Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure2024-01-29
CVE-2023-7199 (MEDIUM CVSS 5.3) | The Relevanssi WordPress plugin bef | cvebase.io