The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.
History
Wed, 28 Aug 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Relevanssi, Relevanssi relevanssi-live-ajax-search | |
CPEs | cpe:2.3:a:relevanssi:relevanssi-live-ajax-search:*:*:*:*:*:*:*:* | |
Vendors & Products | Relevanssi, Relevanssi relevanssi-live-ajax-search | |
Metrics | ssvc | |
Wed, 28 Aug 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts. | |
Title | Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection | |
Weaknesses | CWE-88 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-28T02:05:44.057Z
Updated: 2024-08-28T13:48:45.580Z
Reserved: 2024-08-06T19:44:06.508Z
Link: CVE-2024-7573
Vulnrichment
Updated: 2024-08-28T13:48:40.258Z
NVD
Status: Awaiting Analysis
Published: 2024-08-28T03:15:03.803
Modified: 2024-08-28T12:57:27.610
Link: CVE-2024-7573
Redhat
No data.