Relevanssi – A Better Search < 4.14.3 – Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape user searches before outputting them in the related admin dashboard when the feature is enabled

Proof of Concept

Enable the logging of user query, then was unauthenticated user /?s=<img src onerror=alert(/XSS/)>

The XSS will be triggered when an admin will view the User Searches dashboard at /wp-admin/index.php?page=relevanssi%2Frelevanssi.php

Affects Plugins

relevanssi

Fixed in 4.14.3

References

URL

https://plugins.trac.wordpress.org/changeset/2616189/relevanssi

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.5 (high)

Miscellaneous

Verified

Yes

WPVDB ID

ad08bd11-e4b0-4bb1-9481-3c9651f50466

Timeline

Publicly Published

2021-10-19 (about 4 years ago)

Added

2021-12-23 (about 4 years ago)

Last Updated

2021-12-23 (about 4 years ago)

Other

Published

Title

Published

2024-12-11

Title

Revi.io < 5.8.0 - Reflected Cross-Site Scripting

Published

2022-03-10

Title

UpdraftPlus < 1.22.9 - Reflected Cross-Site Scripting

Published

2026-02-26

Title

LambertGroup - AllInOne - Content Slider <= 3.8 - Reflected Cross-Site Scripting

Published

2026-02-17

Title

Membership Plugin – Restrict Content < 3.2.19 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings

Published

2024-02-20

Title

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.5 - Reflected Cross-Site Scripting.