CVE-2024-3213
published 2024-04-09

Priority: P347 · high · 8.2 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.81% (52.3th percentile)

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application, which could lead to a denial of service (DoS).

Affected

3 ranges
Vendor      Product                     Version range  Fixed in
comesio     relevanssi_a_better_search  <= 4.22.1
relevanssi  relevanssi                  < 4.22.2       4.22.2
relevanssi  relevanssi_premium          <= 2.25.1