3 matches found
CVE-2024-7573 Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-7573
CVE-2024-7573 affects the Relevanssi Live Ajax Search WordPress plugin (versions up to 2.4). The root cause is insufficient validation of POST data in the plugin’s search function, enabling argument injection into WP_Query and potentially exposing attachments or private posts by unauthenticated u...
WordPress Relevanssi Live Ajax Search Plugin <= 2.4 is vulnerable to Broken Access Control
Software Relevanssi Live Ajax Search Type Plugin Vulnerable versions = 2.4 Fixed in 2.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-7573 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 091b716b5837 Credits scottaglia Required...