CVE-2024-7573

Name of the Vulnerable Software and Affected Versions Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4

Description The issue is due to insufficient validation of input supplied via POST data in the search function, making it possible for unauthenticated attackers to inject arbitrary arguments into a WP Query query and potentially expose sensitive information such as attachments or private posts.

Recommendations For Relevanssi Live Ajax Search plugin for WordPress versions up to, and including, 2.4, update to a version higher than 2.4 to resolve the issue. As a temporary workaround, consider disabling the search function until a patch is available. Restrict access to the WP Query query to minimize the risk of exploitation. Avoid using the Relevanssi Live Ajax Search plugin until the issue is resolved.