VYPR

Fantastic ElasticSearch

by Fantastic ElasticSearch

CVEs (2)

  • CVE-2015-5377CriMar 6, 2018
    risk 0.58cvss 9.8epss 0.15

    Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability

  • CVE-2024-13221Jan 31, 2025
    risk 0.00cvss epss 0.01

    The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.