CVE-2024-1380
First published: Wed Mar 13 2024(Updated: )
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Relevanssi | <4.22.1 | |
| Relevanssi | <=4.22.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-1380?
CVE-2024-1380 has a medium severity rating due to its potential for unauthorized data access.
How do I fix CVE-2024-1380?
To fix CVE-2024-1380, update the Relevanssi plugin to version 4.22.1 or later.
Who is affected by CVE-2024-1380?
CVE-2024-1380 affects all versions of the Relevanssi plugin for WordPress up to and including version 4.22.0.
What type of vulnerability is CVE-2024-1380?
CVE-2024-1380 is a security vulnerability that allows unauthorized access due to a missing capability check.
Can CVE-2024-1380 lead to data breaches?
Yes, CVE-2024-1380 can potentially lead to data breaches by allowing unauthenticated attackers to export sensitive query logs.
- agent/references
- agent/description
- agent/author
- agent/type
- agent/weakness
- agent/severity
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/remedy
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/relevanssi
- canonical/relevanssi