CVE-2024-7573
CVE-2024-7573
Título es
CVE-2024-7573
Mié, 28/08/2024 – 03:15
Tipo
CWE-88
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-7573
Descripción en
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.
28/08/2024
28/08/2024
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
5.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Referencias
Enviar en el boletín
Off
