Description
The Relevanssi WordPress plugin before 4.22.0 and the Relevanssi Premium WordPress plugin before 2.25.0 allow any unauthenticated user to read draft and private posts via a crafted request.
References (2)
Core 2
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-94bba33ca4a3/
Scores
CVSS v3: 5.3
EPSS: 0.0044
EPSS Percentile: 63.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-639
Status: published
Products (1)
relevanssi/relevanssi: < 2.25.0
Published: Jan 29, 2024
Tracked Since: Feb 18, 2026