CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9021 – Relevanssi < 4.23.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-9021
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom name field in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/5f25646d-b80b-40b1-bcaf-3b860ddc4059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9034 – Relevanssi <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9034
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en lib/interface.php en el plugin Relevanssi 4.0.4 para WordPress permite que atacantes remotos inyecten JavaScript o HTML arbitrarios mediante el parámetro GET. WordPress Relevanssi plugin version 4.0.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-9443 – Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9443
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el plugin Relevanssi anterior a 3.3.8 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/61744 https://wordpress.org/plugins/relevanssi/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •