Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2024-7573 | First vendor Publication | 2024-08-28 |
| Vendor | Cve | Last vendor Modification | 2024-08-28 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 5.3 | ||
| Base Score | 5.3 | Environmental Score | 5.3 |
| impact SubScore | 1.4 | Temporal Score | 5.3 |
| Exploitabality Sub Score | 3.9 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | None | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | Low |
| Integrity Impact | None | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7573 |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-08-30 02:56:42 |
|
| 2024-08-30 02:56:38 |
|
| 2024-08-29 14:00:09 |
|
| 2024-08-29 14:00:05 |
|
| 2024-08-29 02:58:05 |
|
| 2024-08-29 02:58:02 |
|
| 2024-08-28 17:27:28 |
|
| 2024-08-28 09:27:26 |
|
