vulnerability

WordPress Plugin: relevanssi-live-ajax-search: CVE-2024-7573: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 27, 2024	May 15, 2025	Apr 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 27, 2024

Added

May 15, 2025

Modified

Apr 30, 2026

Description

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.

Solution

relevanssi-live-ajax-search-plugin-cve-2024-7573

References

https://www.cve.org/CVERecord?id=CVE-2024-7573
https://www.wordfence.com/threat-intel/vulnerabilities/id/bbcb648a-4a3e-4645-bd62-4415b1cf6516?source=api-prod
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-48471
CVE-2024-7573
https://attackerkb.com/topics/CVE-2024-7573
CWE-88
EUVD-EUVD-2024-48471

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report