Relevanssi < 4.22.1 – Unauthenticated Query Log Export | CVE 2024-1380 | Plugin Vulnerabilities

Description

The plugin is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function, allowing unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.

Affects Plugins

Fixed in 4.22.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Verified

No

WPVDB ID

79c73a0a-087f-4971-a95f-c21d1d4db26e

Timeline

Publicly Published

2024-02-22 (about 2 years ago)

Added

2024-02-26 (about 2 years ago)

Last Updated

2024-02-26 (about 2 years ago)

Other

Published

Title

Published

2025-10-08

Title

Open Close WooCommerce Store <= 4.9.8 - Missing Authorization

Published

2026-01-06

Title

Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

Published

2026-03-26

Title

SureCart < 4.0.3 - Missing Authorization

Published

2025-12-27

Title

Crowdsignal Forms < 1.8.0 - Missing Authorization

Published

2025-05-19

Title

The Events Calendar < 6.12.0 - Subscriber+ Import Creation