CVE-2024-7573
Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument InjectionThe Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.
We have discovered 109 live websites that are affected by CVE-2024-7573.
Affected Software
| Product |  Relevanssi Live Ajax Search |
| Category | Wordpress Plugins |
| Vulnerable Domains | 109 live websites (5.39% of Relevanssi Live Ajax Search install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 80% of all versions) |
Common Weakness Enumeration
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')Details
- Published - Aug 28, 2024
- Updated - Aug 28, 2024
Credits
- Nicola Scattaglia (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-7573 United States | 31 websites |
 Russia | 11 websites |
 GB | 7 websites |
 France | 6 websites |
 Germany | 5 websites |
 Italy | 5 websites |
 Denmark | 4 websites |
 Israel | 4 websites |
 Spain | 3 websites |
 Finland | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2024-7573| .com | 33 websites |
| .ru | 9 websites |
| .org | 8 websites |
| .dk | 4 websites |
| .it | 3 websites |
| .net | 3 websites |
| .co.uk | 3 websites |
| .de | 3 websites |
| .fi | 3 websites |
| .cz | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-7573
Top websites that are affected by CVE-2024-7573. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | ***,*** | |
| *****.*****************.it | France | ***,*** | |
| *****************.com | United States | ***,*** | |
| *****.org |  Canada | ***,*** | |
| ****.org | France | ***,*** | |
| ******.net | United States | ***,*** | |
| *****************.com | Israel | ***,*** | |
| ***************.***.uk | GB | ***,*** | |
| **************.com | United States | ***,*** | |
| *******.********.com |  Indonesia | ***,*** |
FAQ
CVE-2024-7573 is Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Relevanssi Live Ajax Search
A total of 109 websites have been identified as vulnerable to CVE-2024-7573, based on global website indexing conducted by WebTechSurvey.
The Relevanssi Live Ajax Search is affected by the CVE-2024-7573 vulnerability.
Relevanssi Live Ajax Search versions up to and including 2.4 are vulnerable to CVE-2024-7573.