CVE-2024-7630

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

T

he Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts.

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3134753/relevanssi/trunk/lib/common.php	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*

History

29 Jan 2025, 16:22

Type	Values Removed	Values Added
First Time		Relevanssi Relevanssi relevanssi
References	~~() https://plugins.trac.wordpress.org/changeset/3134753/relevanssi/trunk/lib/common.php -~~	() https://plugins.trac.wordpress.org/changeset/3134753/relevanssi/trunk/lib/common.php - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve - Third Party Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:relevanssi:relevanssi::::::wordpress::*

19 Aug 2024, 13:00

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-16 03:15

Updated : 2025-01-29 16:22

NVD link : CVE-2024-7630

Mitre link : CVE-2024-7630

CVE.ORG link : CVE-2024-7630

JSON object : View

Products Affected

relevanssi

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-7630", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-08-16T03:15:10.093", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3134753/relevanssi/trunk/lib/common.php", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912?source=cve", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Relevanssi \u2013 A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts."}, {"lang": "es", "value": "El complemento Relevanssi \u2013 A Better Search para WordPress es vulnerable a la exposici\u00f3n de la informaci\u00f3n en todas las versiones hasta la 4.22.2 incluida a trav\u00e9s de relevanssi_do_query() debido a limitaciones insuficientes en las publicaciones que se devuelven durante la b\u00fasqueda. Esto hace posible que atacantes no autenticados extraigan informaci\u00f3n potencialmente confidencial de publicaciones protegidas con contrase\u00f1a."}], "lastModified": "2025-01-29T16:22:28.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5C808B09-0182-4978-922E-C66615B160AE", "versionEndExcluding": "4.23.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}