CVE-2024-7573

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-88
View all →

Vulnerability Description

The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject arbitrary arguments into a WP_Query query and potentially expose sensitive information such as attachments or private posts.

Related Vulnerabilities

CVE-2020-14027

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enabl...

CWE-882020

CVE-2022-24953

MEDIUM
CVSS:5.3(Medium)

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.

CWE-882022

CVE-2022-4864

MEDIUM
CVSS:5.3(Medium)

Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1.

CWE-882022

CVE-2022-44731

MEDIUM
CVSS:5.4(Medium)

A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All versions < V3.15 P038), SIMATIC WinCC OA V3.16 (All versions < V3.16 P035), SIMATIC WinCC OA V3.17 (All versions < V3.17 P024), SIMAT...

CWE-882022

CVE-2019-5804

MEDIUM
CVSS:5.5(Medium)

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

CWE-882019

CVE-2022-31246

MEDIUM
CVSS:5.5(Medium)

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Li...

CWE-882022