CVE-2024-1380: CWE-862 Missing Authorization in msaari Relevanssi – A Better Search
CVE-2024-1380 is a medium severity vulnerability in the WordPress plugin Relevanssi – A Better Search (all versions up to 4.22.0) caused by missing authorization checks in the relevanssi_export_log_check() function. This flaw allows unauthenticated attackers to export query log data without proper permissions, potentially exposing sensitive search queries. The vulnerability does not impact integrity or availability, and no user interaction or authentication is required to exploit it. Although the vendor has indicated plans to add capability checks, the vulnerability is theoretically patched as is, with no known exploits in the wild. Organizations using this plugin should prioritize verifying plugin updates and restricting access to sensitive logs. Countries with significant WordPress usage and large online ecosystems are most at risk.
AI Analysis
Technical Summary
CVE-2024-1380 identifies a missing authorization vulnerability (CWE-862) in the Relevanssi – A Better Search WordPress plugin developed by msaari. The issue resides in the relevanssi_export_log_check() function, which lacks proper capability checks to verify if the requesting user is authorized to export query log data. This omission allows unauthenticated attackers to retrieve search query logs, potentially exposing sensitive user search information or internal data patterns. The vulnerability affects all versions up to and including 4.22.0. The CVSS v3.1 base score is 5.3, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to confidentiality loss, with no integrity or availability effects. The vendor has not yet released a formal patch but has indicated intentions to implement proper authorization checks. Currently, the vulnerability is theoretically patched as is, but no official patch or exploit code is publicly available. This vulnerability is particularly relevant for websites relying on Relevanssi for search functionality, as query logs may contain sensitive or personally identifiable information. Attackers exploiting this flaw can harvest search logs remotely without authentication, increasing the risk of data leakage. The lack of known exploits reduces immediate risk, but the exposure of query logs can facilitate further reconnaissance or targeted attacks.
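The missing capability check described above, shown as an added illustration of the CWE-862 pattern next to a hardened form. This is not Relevanssi's code and not from the original page: the example_* function names, the `example_export` request parameter and the `example_export_log` nonce action are hypothetical, and the snippet is meant to run inside WordPress (for instance as an mu-plugin file).

```php
<?php
// Added illustration of CWE-862 in a WordPress export handler; not Relevanssi's code.
// Hypothetical names: the example_* functions, the `example_export` request
// parameter and the `example_export_log` nonce action.

// Vulnerable shape: the handler acts on a request parameter alone. admin_init is
// not an access-control boundary: it also runs for admin-ajax.php and
// admin-post.php requests, whether or not the visitor is logged in.
function example_export_log_check_unsafe() {
	if ( isset( $_REQUEST['example_export'] ) ) {
		example_export_log();
	}
}
// Deliberately left unregistered: add_action( 'admin_init', 'example_export_log_check_unsafe' );

// Hardened shape: require a capability and a nonce before any data leaves.
function example_export_log_check() {
	if ( ! isset( $_REQUEST['example_export'] ) ) {
		return;
	}
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to export the search log.', '', array( 'response' => 403 ) );
	}
	// Dies unless the request carries a valid nonce for this action (_wpnonce).
	check_admin_referer( 'example_export_log' );
	example_export_log();
}
add_action( 'admin_init', 'example_export_log_check' );

// Stand-in exporter that streams constructed sample rows as CSV.
function example_export_log() {
	$rows = array(
		array( '2024-02-01 10:00:00', 'password reset', 3 ),
		array( '2024-02-01 10:05:12', 'invoice 2023', 1 ),
	);
	nocache_headers();
	header( 'Content-Type: text/csv; charset=utf-8' );
	header( 'Content-Disposition: attachment; filename=search_log.csv' );
	$out = fopen( 'php://output', 'w' );
	fputcsv( $out, array( 'time', 'query', 'hits' ), ',', '"', '\\' );
	foreach ( $rows as $row ) {
		fputcsv( $out, $row, ',', '"', '\\' );
	}
	fclose( $out );
	exit;
}
```

The admin-screen link that triggers the hardened handler would be built with wp_nonce_url() using the same `example_export_log` action, so the nonce check passes only for requests that originate from the authorized user's session.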
Potential Impact
The primary impact of CVE-2024-1380 is unauthorized disclosure of search query logs, which can contain sensitive or personally identifiable information depending on the website's content and user behavior. This confidentiality breach can lead to privacy violations, data leakage, and potential exposure of internal search patterns or business intelligence. While the vulnerability does not affect data integrity or system availability, the unauthorized access to logs can aid attackers in crafting more effective phishing, social engineering, or targeted attacks. Organizations relying heavily on Relevanssi for search may face reputational damage and compliance issues if sensitive data is exposed. The ease of exploitation (no authentication or user interaction required) increases the risk, especially for public-facing WordPress sites. However, the absence of known exploits in the wild and the medium CVSS score suggest a moderate immediate threat level. Nonetheless, the vulnerability should be addressed promptly to prevent potential data exposure and to maintain trust with users and stakeholders.
Mitigation Recommendations
1. Immediately verify if an updated version of the Relevanssi plugin is available that includes proper authorization checks and apply it as soon as possible.
2. If no official patch exists, implement temporary access controls at the web server or application firewall level to restrict access to the relevanssi_export_log_check() endpoint or related export functionality.
3. Review and limit user permissions within WordPress to minimize exposure of sensitive logs.
4. Monitor web server logs for unusual access patterns targeting the export log functionality.
5. Consider disabling or restricting the export log feature if it is not essential to your operations.
6. Conduct an audit of stored query logs to assess any sensitive data exposure and purge unnecessary logs.
7. Employ network-level protections such as IP whitelisting or VPN access for administrative functions related to Relevanssi.
8. Educate site administrators about the risks of unauthorized data export and encourage timely plugin updates.
9. Follow vendor communications closely for official patches or security advisories.
10. Implement a web application firewall (WAF) with custom rules to detect and block unauthorized attempts to access export functions.
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, France, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-02-08T20:32:05.188Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d2db7ef31ef0b56ea31
Added to database: 2/25/2026, 9:44:13 PM
Last enriched: 2/26/2026, 9:29:13 AM
Last updated: 2/26/2026, 9:35:53 AM