Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure
CVE-2023-7199

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Relevanssi; Relevanssi Premium
Vendor: CVE Published:; 29 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

Affected Version(s)

Relevanssi 0 < 4.22.0

Relevanssi Premium 0 < 2.25.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7199 - Proof of Concept

References

https://wpscan.com/vulnerability/0c96a128-4473-41f5-82ce-...

exploitvdb-entrytechnical-description

https://www.relevanssi.com/release-notes/premium-2-25-fre...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Jan 29, 2024
👾
Exploit known to exist
Jan 29, 2024
Vulnerability published
Jan 29, 2024
Vulnerability Reserved
Jan 2, 2024

Credit

Krzysztof Zając (CERT PL)

WPScan