ThreatPress

WordPress Vulnerabilities Database

WordPress Relevanssi Plugin 2.7.2 - Stored XSS

Product
Relevanssi
Description
The Relevanssi plugin is prone to a stored cross-site scripting vulnerability that exists because the "search Query" variable is displayed and logged unsanitized in the "User Searches" section of the admin Dashboard. This vulnerability allows an attacker to inject malicious HTML code.
Solution
Update to the latest plugin version.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In 2.7.2, 3.0.5
Fixed In 2.7.3
Disclosure date
2011-02-24
Credits
Saif El-Sherei