GCVE - cpe:2.3:a:ajay:better_search_–_relevant_search_results_for

Approved changes feed: RSS · Atom

cpe:2.3:a:ajay:better_search_–_relevant_search_results_for_wordpress:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ajay (`3149a988-0836-54ad-b40c-7dd40b9714d4`)
Product	Better Search – Relevant Search Results For Wordpress (`b333b033-dee4-52e6-8fc5-612bb8b14421`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-4400`	vulnerable	2026-06-08 05:38:09.342890	Better Search <= 2.5.2 - Cross-Site Request Forgery Bypass MEDIUM (4.3) The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-07-01T05:33:27.028Z Updated: 2026-04-08T17:02:24.574Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/7acbcf74-2bae-412b-bf9d-70287a91deea?source=cve https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/ https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-4373`	vulnerable	2026-06-08 05:38:09.289807	Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import HIGH (8.8) The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: 2023-06-07T01:51:43.709Z Updated: 2026-04-08T17:24:42.876Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/cfc6c595-dad2-4abc-8187-ed72355273b8?source=cve https://plugins.trac.wordpress.org/changeset/2473344 https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Better Search – Relevant Search Results For Wordpress

PURL mappings

Vulnerability references

Contribute