10up Elasticpress
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in 10up Elasticpress.
By the Year
In 2026 there have been 0 vulnerabilities in 10up Elasticpress. Elasticpress did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 4.30 |
| 2023 | 2 | 4.30 |
It may take a day or so for new Elasticpress vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent 10up Elasticpress Security Vulnerabilities
CSRF in 10up ElasticPress before 5.1.1
CVE-2024-35684
4.3 - Medium
- June 08, 2024
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress.This issue affects ElasticPress: from n/a through <= 5.1.1.
Session Riding
CVE-2021-4405: ElasticPress WP Plugin 3.5.3 XSRF via epio_send_autosuggest()
CVE-2021-4405
4.3 - Medium
- July 01, 2023
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
Common Vulnerability in unspecified software (CVE-2021-4342)
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for 10up Elasticpress or by 10up? Click the Watch button to subscribe.
