WordPress Plugin Vulnerabilities
Relevanssi - Subscriber+ Unauthorised AJAX Calls
Description
The plugins do not have authorisation and CSRF checks in some of their AJAX actions, allowing any authenticated users, such as subscriber, to call them. This could disclose information to subscribers, as well as allow them to truncate the index, which will disable the search
Proof of Concept
https://example.com/wp-admin/admin-ajax.php?action=relevanssi_truncate_index
Affects Plugins
References
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jan w Oleju
Submitter
Jan w Oleju
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-15 (about 2 years ago)
Added
2022-02-15 (about 2 years ago)
Last Updated
2022-02-15 (about 2 years ago)