vulnerability

WordPress Plugin: relevanssi-live-ajax-search: CVE-2024-7573: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 27, 2024	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 27, 2024

Added

May 15, 2025

Modified

Jun 24, 2025

Description

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.

Solution

relevanssi-live-ajax-search-plugin-cve-2024-7573

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-7573
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=api-prod
CVE-2024-7573
https://attackerkb.com/topics/CVE-2024-7573
CWE-88

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today