CVE-2024-7573

MEDIUM 5.3

Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.

CWE	CWE-88
Vendor	comesio
Product	relevanssi live ajax search
Published	Aug 28, 2024
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for comesio relevanssi live ajax search

Be the first to know when new medium vulnerabilities affecting comesio relevanssi live ajax search are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

comesio / Relevanssi Live Ajax Search

0 ≤ 2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3135074/relevanssi-live-ajax-search

Credits

Nicola Scattaglia