CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9021 – Relevanssi < 4.23.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-9021
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom name field in all versions up to, and including, 4.23.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/5f25646d-b80b-40b1-bcaf-3b860ddc4059 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9034 – Relevanssi <= 4.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-9034
Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. Vulnerabilidad de Cross-Site Scripting (XSS) en lib/interface.php en el plugin Relevanssi 4.0.4 para WordPress permite que atacantes remotos inyecten JavaScript o HTML arbitrarios mediante el parámetro GET. WordPress Relevanssi plugin version 4.0.4 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000038 – Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-1000038
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site WordPress plugin Relevanssi versión 3.5.7.1 es vulnerable a ataques de tipo XSS almacenado, resultando en que un atacante sea capaz de ejecutar JavaScript en el sitio afectado. • https://security.dxw.com/advisories/stored-xss-in-relevanssi-could-allow-an-unauthenticated-attacker-to-do-almost-anything-an-admin-can-do • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •