S4E

CVE-2024-1380 Scanner

CVE-2024-1380 scanner - Information Disclosure vulnerability in Relevanssi (A Better Search) plugin for WordPress

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -

Relevanssi is a popular WordPress plugin used to enhance the search functionality on websites. It allows users to perform more precise and comprehensive searches within WordPress sites. The plugin is widely used by website administrators, bloggers, and businesses to improve user experience. It offers features like search result customization, logging search queries, and providing detailed search statistics. The vulnerability in question affects the query log export function.

The Information Disclosure vulnerability in the Relevanssi plugin for WordPress allows unauthorized access to query log data. This vulnerability exists due to a missing capability check in the plugin’s code. Attackers can exploit this to export query logs without authentication. The issue affects all versions up to and including 4.22.0.

The vulnerability is found in the Relevanssi plugin’s query log export functionality. Specifically, the endpoint /wp-admin/admin-ajax.php allows unauthenticated users to export query logs by sending a POST request with the parameter action=&relevanssi_export=1. The plugin fails to check if the user has the necessary capabilities to perform this action. Successful exploitation results in the download of a CSV file containing sensitive information such as user IDs and session IDs.

If exploited, this vulnerability can lead to unauthorized disclosure of sensitive data contained within the query logs. Attackers may gain access to user IDs, session IDs, and potentially other sensitive information logged by the Relevanssi plugin. This can compromise user privacy and lead to further security breaches if the data is misused.
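
For asset owners reviewing past traffic, the following added example (not S4E's or the plugin's code) flags query log export requests like the one described above. It assumes a JSON-lines proxy or WAF log that records the request body and cookie names; the field names and sample records are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample records in an assumed JSON-lines proxy/WAF log format
# (request body and cookie names recorded); not real traffic.
SAMPLE_LOG = """\
{"ts":"2024-03-01T10:00:01Z","src":"203.0.113.7","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=&relevanssi_export=1","cookies":[],"status":200,"resp_type":"text/csv"}
{"ts":"2024-03-01T10:02:10Z","src":"198.51.100.4","method":"POST","url":"/wp-admin/admin-ajax.php","body":"action=heartbeat","cookies":["wordpress_logged_in_abc"],"status":200,"resp_type":"application/json"}
{"ts":"2024-03-01T10:05:42Z","src":"192.0.2.15","method":"POST","url":"/wp-admin/admin-ajax.php","body":"relevanssi_export=1","cookies":["wordpress_logged_in_abc"],"status":200,"resp_type":"text/csv"}
{"ts":"2024-03-01T10:07:00Z","src":"203.0.113.7","method":"POST","url":"/wp-admin/admin-ajax.php?relevanssi_export=1","body":"","cookies":[],"status":403,"resp_type":"text/html"}
"""

AJAX_PATH = "/wp-admin/admin-ajax.php"
AUTH_COOKIE_PREFIX = "wordpress_logged_in_"  # WordPress login cookie name prefix


def classify(rec):
    """Return None for unrelated requests, else a label for an export request."""
    url = urlsplit(rec.get("url") or "")
    if rec.get("method") != "POST" or not url.path.endswith(AJAX_PATH):
        return None
    # The parameter may arrive in the query string or in the form body.
    params = parse_qs(url.query, keep_blank_values=True)
    params.update(parse_qs(rec.get("body") or "", keep_blank_values=True))
    if "1" not in params.get("relevanssi_export", []):
        return None
    # Cookie presence only; the log cannot show whether the session was valid.
    if any(c.startswith(AUTH_COOKIE_PREFIX) for c in rec.get("cookies") or []):
        return "export-with-login-cookie"
    served = rec.get("status") == 200 and "csv" in (rec.get("resp_type") or "")
    return "unauthenticated-export-served" if served else "unauthenticated-export-attempt"


def scan(log_text):
    """Return (timestamp, source, label) for every export request in the log."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines rather than abort the scan
        label = classify(rec)
        if label:
            findings.append((rec.get("ts"), rec.get("src"), label))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A record labelled unauthenticated-export-served means a CSV was returned to a client that sent no login cookie, so the query log contents should be treated as disclosed.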

By using the S4E platform, you can ensure that your website is protected against vulnerabilities like this one. Our platform offers comprehensive scans, timely updates on newly discovered vulnerabilities, and detailed reports to help you secure your digital assets. Become a member today to benefit from proactive threat detection and ensure your site’s security.
