CVE-2024-1380 in Relevanssi Plugin
Summary
by MITRE • 03/13/2024
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0 (Free) and 2.25.0 (Premium). This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/12/2026
The CVE-2024-1380 vulnerability affects the Relevanssi – A Better Search plugin for WordPress, specifically targeting versions up to 4.22.0 in the free edition and 2.25.0 in the premium edition. This security flaw represents a critical authorization bypass that allows unauthenticated attackers to access sensitive query log data through the relevanssi_export_log_check() function. The vulnerability stems from the absence of proper capability checks within the plugin's codebase, creating an unintended access vector that undermines the security posture of WordPress installations utilizing this particular plugin.
The technical implementation of this vulnerability lies in the missing capability verification within the relevanssi_export_log_check() function, which is designed to export query logs but fails to validate whether the requesting user possesses appropriate authorization levels. This function operates without requiring any authentication or privilege verification, making it accessible to anyone who can reach the endpoint. The flaw directly maps to CWE-284, which describes improper access control mechanisms, and aligns with ATT&CK technique T1213.002 for data from information repositories. The absence of capability checks creates a direct path for attackers to extract potentially sensitive search data, including user query patterns, which could reveal confidential information about site usage, content interests, or even reveal the existence of sensitive content.
The operational impact of this vulnerability extends beyond simple data exposure, as query logs often contain information about user behavior, search patterns, and potentially sensitive content that users are seeking. Attackers could leverage this vulnerability to gather intelligence about site visitors, identify popular content areas, or discover sensitive information that might not be publicly accessible otherwise. The unauthenticated nature of the attack means that no credentials are required to exploit this flaw, making it particularly dangerous as it can be exploited by anyone with access to the target WordPress installation. This vulnerability effectively undermines the principle of least privilege and could enable further attacks, including reconnaissance for more sophisticated exploitation techniques.
The vendor has acknowledged this vulnerability and indicated they may implement capability checks for future releases, though the current patch status suggests that the vulnerability remains active in affected versions. Organizations should immediately implement mitigations including restricting access to the plugin's export functionality through web server configurations, implementing additional authentication layers, or disabling the export feature entirely until a proper patch is applied. Security measures should also include monitoring for unauthorized access attempts and implementing network-level controls to prevent exploitation. The vulnerability serves as a reminder of the critical importance of proper access control implementation in web applications and the potential consequences of overlooking capability checks in plugin development, particularly in security-sensitive components like search functionality that may inadvertently expose user data.