CVE-2024-7573

NVD Published Date: August 28, 2024 at 03:15 AM
NVD Last Modified: August 28, 2024 at 12:57 PM
Download Patch
Vulnerability ID
CVE-2024-7573
Severity
MEDIUM
Severity Score
5.3
Summary
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE ID
None

Recent Publish

CVE-2024-6448

CVE-2023-45896

CVE-2024-39771

CVE-2024-39584

CVE-2023-43078

CVE-2024-6312

See SecOps Solution
in action

Schedule Demo