7.5
CVE-2024-7630
- EPSS 1.6%
- Veröffentlicht 16.08.2024 03:15:10
- Zuletzt bearbeitet 29.01.2025 16:22:28
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginRelevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts.
Mögliche Gegenmaßnahme
Relevanssi – A Better Search: Update to version 4.23.0, or a newer patched version
Relevanssi Premium: Update to version 2.25.2, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Relevanssi – A Better Search
Version
*-4.22.2
SystemWordPress Plugin
≫
Produkt
Relevanssi Premium
Version
*-2.25.1
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Relevanssi ≫ Relevanssi SwPlatformwordpress Version < 4.23.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.6% | 0.814 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.