ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability

Product
Relevanssi
Description
Cross-Site Scripting (XSS) vulnerability found in WordPress Relevanssi plugin (versions <=4.0.4). Attackers can inject arbitrary JavaScript or HTML via the GET parameter.
Solution
09.04.2018 - Several sources claim that you need to update to the version 4.1, but we were unable to find this version on the plugin page at WordPress.org
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE
Name CVE-2018-9034
Versions
Affected In <=4.0.4
Disclosure date
2018-04-09
Credits
Stefan Broeder
Submitter
ThreatPress