PT-2024-24435 · WordPress · Relevanssi

Mgthuramoemyint +1 · Published 2024-04-09 · Updated 2025-01-28 · CVE-2024-3214

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.22.1

Description

The issue allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. This is due to a CSV Injection vulnerability.

Recommendations

For versions up to, and including, 4.22.1, update to a version later than 4.22.1 to resolve the issue. As a temporary workaround, consider avoiding the export of CSV files until a patch is available. Restrict access to the CSV export feature to minimize the risk of exploitation.
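
One way to neutralize formula-leading cells in an already exported CSV before it is opened in a spreadsheet, as an added example (not Relevanssi's code or its patch). The sample rows and column names are constructed for illustration; the trigger-character list and the leading-apostrophe technique follow OWASP's CSV Injection guidance.

```python
import csv
import io

# Leading characters that spreadsheet applications may interpret as the start
# of a formula (the set listed in OWASP's CSV Injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Prefix the cell with an apostrophe if it could be read as a formula."""
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def sanitize_export(raw_csv):
    """Rewrite a CSV export so that no cell starts with a formula trigger.

    Returns (sanitized_csv_text, flagged), where flagged holds the 1-based
    (row, column) position of every cell that was changed, for review.
    """
    flagged = []
    out = io.StringIO()
    # QUOTE_ALL keeps commas, quotes and newlines inside a field from
    # splitting it into extra cells when the file is re-opened.
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    reader = csv.reader(io.StringIO(raw_csv, newline=""))
    for r, row in enumerate(reader, start=1):
        clean = []
        for c, cell in enumerate(row, start=1):
            fixed = neutralize_cell(cell)
            if fixed != cell:
                flagged.append((r, c))
            clean.append(fixed)
        writer.writerow(clean)
    return out.getvalue(), flagged


# Constructed sample export; the column layout is an assumption.
SAMPLE_EXPORT = (
    "query,hits,time\r\n"
    "wordpress backup,12,2024-04-01 10:00:00\r\n"
    '"=1+1",0,2024-04-01 10:05:00\r\n'
    "@SUM(A1),0,2024-04-01 10:06:00\r\n"
    "-5 degrees,3,2024-04-01 10:07:00\r\n"
)

if __name__ == "__main__":
    cleaned, changed = sanitize_export(SAMPLE_EXPORT)
    print(cleaned)
    print("neutralized cells (row, column):", changed)
```

Legitimate values that begin with a trigger character, such as the `-5 degrees` row, are prefixed as well, so the flagged positions are worth reviewing when the data feeds other tooling.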

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2024-3214

Affected Products

Relevanssi