CVE-2024-1380
published 2024-03-13


Priority: P3 · 54 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit likelihood: EPSS 50.19% (98.8th percentile)
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0 (Free) and 2.25.0 (Premium). This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.

Affected (3 ranges)

Vendor       Product                      Version range   Fixed in
comesio      relevanssi_a_better_search   <= 4.22.0       -
relevanssi   relevanssi                   < 4.22.1        4.22.1
relevanssi   relevanssi_premium           <= 2.25.0       -

Detection & IOCs (extracted from sources)

url:      /wp-admin/admin-ajax.php
command:  action=&relevanssi_export=1
filename: relevanssi_log.csv
path:     /wp-content/plugins/relevanssi/
  • Detect exploitation attempts by monitoring POST requests to /wp-admin/admin-ajax.php with body parameter 'relevanssi_export=1' from unauthenticated (no valid session/nonce) sources.
  • The vulnerable function is relevanssi_export_log_check(); monitor for its invocation without a capability check in WordPress audit logs or WAF telemetry.
  • The vulnerability is described as 'theoretically patched as is' by the vendor, meaning no code change may have been shipped; defenders should not assume an update fully remediates the issue without verifying a capability check was actually added.
  • Both the Free (≤4.22.0) and Premium (≤2.25.0) variants of Relevanssi are affected; detection rules and patch verification must cover both product lines.
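The first detection bullet above, turned into runnable log-scanning logic. This is an added example written for this page; it is not code from the advisory source, from Wordfence, or from the Relevanssi project. It assumes a hypothetical reverse-proxy log format of the form `<client_ip> <method> <request_uri> cookie="<Cookie header>" body="<POST body>"` (constructed for the example), treats the presence of a `wordpress_logged_in_*` cookie as the "has a session" heuristic, and, as a small generalization of the bullet, accepts `relevanssi_export=1` from either the POST body or the query string, since the IOC list shows it as a request parameter and WordPress reads `$_REQUEST` either way. The sample lines, IPs and cookie hash are all constructed placeholders, not real indicators.

```python
"""Detection example (added here; not from the advisory or the Relevanssi project).

Flags unauthenticated POST requests to /wp-admin/admin-ajax.php that carry
relevanssi_export=1, the request shape the advisory lists as an IOC.
Assumed, hypothetical reverse-proxy log format:
    <client_ip> <method> <request_uri> cookie="<Cookie header>" body="<POST body>"
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines. IPs are documentation ranges and the cookie hash
# is a placeholder; none of these are real indicators.
SAMPLE_LOGS = """\
203.0.113.7 POST /wp-admin/admin-ajax.php cookie="" body="action=&relevanssi_export=1"
198.51.100.3 POST /wp-admin/admin-ajax.php cookie="wordpress_logged_in_PLACEHOLDERHASH=admin%7CPLACEHOLDER" body="action=&relevanssi_export=1"
203.0.113.7 GET /wp-content/plugins/relevanssi/readme.txt cookie="" body=""
203.0.113.9 POST /wp-admin/admin-ajax.php?relevanssi_export=1 cookie="" body="action="
203.0.113.9 POST /wp-admin/admin-ajax.php cookie="" body="action=heartbeat"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) '
    r'cookie="(?P<cookie>[^"]*)" body="(?P<body>[^"]*)"$'
)
# WordPress sets its authentication cookie as wordpress_logged_in_<hash>.
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"


def parse_line(line):
    """Parse one log line into a dict; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["uri"])
    rec["path"] = parts.path
    # Merge query-string and body parameters: WordPress reads $_REQUEST, so the
    # export flag may arrive either way. keep_blank_values keeps the empty
    # 'action=' seen in the IOC.
    params = parse_qs(parts.query, keep_blank_values=True)
    params.update(parse_qs(rec["body"], keep_blank_values=True))
    rec["params"] = params
    return rec


def has_wp_session(cookie_header):
    """Heuristic: any wordpress_logged_in_* cookie means the client has a session."""
    return any(c.strip().startswith(AUTH_COOKIE_PREFIX) for c in cookie_header.split(";"))


def is_unauth_log_export(rec):
    """True when a POST to admin-ajax.php asks for relevanssi_export=1 without a session."""
    if rec is None or rec["method"] != "POST":
        return False
    if not rec["path"].endswith("/wp-admin/admin-ajax.php"):
        return False
    if rec["params"].get("relevanssi_export") != ["1"]:
        return False
    return not has_wp_session(rec["cookie"])


def scan(log_text):
    """Return (line_number, client_ip) for every line matching the detection."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if is_unauth_log_export(rec):
            hits.append((n, rec["ip"]))
    return hits


if __name__ == "__main__":
    for n, ip in scan(SAMPLE_LOGS):
        print(f"line {n}: unauthenticated relevanssi_export request from {ip}")
```

Running the block reports lines 1 and 4 of the constructed sample: the bodied POST and the query-string variant. Line 2 carries a logged-in cookie and is left out, which is the right call for this rule only because the advisory's attacker is unauthenticated; since the root cause is a missing capability check, a stricter rule can drop the cookie test and alert on every `relevanssi_export=1` request, then triage by user, at the cost of noise from legitimate administrators exporting the log.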