WordPress Plugin Vulnerabilities

Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure

Description

The plugin allows any unauthenticated user to read draft and private posts via a crafted request

Proof of Concept

Affects Plugins

Plugin icon
relevanssi
Fixed in 4.22.0
Plugin icon
relevanssi-premium
Fixed in 2.25.0

References

CVE
CVE-2023-7199
URL
https://www.relevanssi.com/release-notes/premium-2-25-free-4-22-release-notes/

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
0c96a128-4473-41f5-82ce-94bba33ca4a3

Timeline

Publicly Published
2024-01-04 (about 1 year ago)
Added
2024-01-04 (about 1 year ago)
Last Updated
2024-01-04 (about 1 year ago)

Other

Published
Title
Published
2024-01-02
Title
LearnPress < 4.2.5.8 - Subscriber+ Arbitrary Course Progress Disclosure
Published
2024-11-20
Title
UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) < 1.1.9 - Insecure Direct Object Reference to Sensitive Information Exposure via UA_Template Shortcode
Published
2025-07-30
Title
Motors < 1.4.81 - Unauthenticated Insecure Direct Object Reference
Published
2022-11-16
Title
Directorist < 7.4.2.2 - Subscriber+ Arbitrary User Password Update via IDOR
Published
2025-12-06
Title
Thim Elementor Kit < 1.3.4 - Authenticated (Contributor+) Insecure Direct Object Reference