CVE-2024-1380

Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.0

Description The issue is related to a missing capability check on the relevanssi export log check() function, allowing unauthenticated attackers to export the query log data. This makes it possible for unauthorized access of data. The vendor may look into adding a capability check for proper authorization control.

Recommendations For Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.0: As a temporary workaround, consider disabling the relevanssi export log check() function until a patch is available. Restrict access to the query log data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.