Relevanssi < 4.23.0 – Unauthenticated Information Exposure | CVE 2024-7630 | Plugin Vulnerabilities

Description

The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 via the relevanssi_do_query() due to insufficient limitations on the posts that are returned when searching. This makes it possible for unauthenticated attackers to extract potentially sensitive information from password protected posts.

Affects Plugins

Fixed in 4.23.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/3fa78f4e-ede2-4863-a2d7-99bd8c7b5912

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

stealthcopter

Verified

No

WPVDB ID

0da3d56a-b3a8-43ac-873e-40cbda74165d

Timeline

Publicly Published

2024-08-15 (about 1 year ago)

Added

2024-08-15 (about 1 year ago)

Last Updated

2024-08-16 (about 1 year ago)

Other

Published

Title

Published

2023-11-28

Title

Aruba HiSpeed Cache < 2.0.7 - Unauthenticated Log File Access

Published

2024-06-28

Title

Advanced File Manager < 5.2.5 - Sensitive Information Exposure via Directory Listing

Published

2025-09-22

Title

Getwid < 2.1.3 - Authenticated (Contributor+) Sensitive Information Exposure

Published

2026-02-13

Title

StickEasy Protected Contact Form < 1.0.2 - Unauthenticated Information Disclosure

Published

2023-07-19

Title

Essential Addons For Elementor < 5.8.2 - Unauthenticated MailChimp API Key Disclosure