CVE-2024-3214
First published: Tue Apr 09 2024(Updated: )
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Relevanssi | <4.22.2 | |
| Relevanssi | <=4.22.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-3214?
CVE-2024-3214 is considered a high severity vulnerability due to the potential for code execution through CSV Injection.
How do I fix CVE-2024-3214?
To fix CVE-2024-3214, update the Relevanssi – A Better Search plugin to version 4.22.2 or later.
Who is affected by CVE-2024-3214?
All users of Relevanssi – A Better Search plugin for WordPress up to version 4.22.1 are affected by CVE-2024-3214.
Can CVE-2024-3214 be exploited by authenticated users?
No, CVE-2024-3214 can be exploited by unauthenticated attackers, making it particularly dangerous.
What types of attacks can result from CVE-2024-3214?
CVE-2024-3214 may allow attackers to execute arbitrary code when users download compromised CSV files.
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/relevanssi
- canonical/relevanssi