.. / CVE-2024-1380

Exploit for Relevanssi (A Better Search) <= 4.22.0 - Query Log Export (CVE-2024-1380)

Description:

The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.

Nuclei Template

View the template here CVE-2024-1380.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-1380.yaml
Copy

References:

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=
https://nvd.nist.gov/vuln/detail/CVE-2024-1380
https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve