10up Elasticpress
By the Year
In 2024 there have been 0 vulnerabilities in 10up Elasticpress . Last year Elasticpress had 2 security vulnerabilities published. Right now, Elasticpress is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.30 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Elasticpress vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent 10up Elasticpress Security Vulnerabilities
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3
CVE-2021-4405
4.3 - Medium
- July 01, 2023
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rucyproject Rucy or by 10up? Click the Watch button to subscribe.
