Description
WordPress Plugin Relevanssi-A Better Search is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. WordPress Plugin Relevanssi-A Better Search version 2.7.2 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 2.7.3 or latest
References
http://www.exploit-db.com/exploits/16233/
http://packetstormsecurity.com/files/98710/Relevanssi-2.7.2-Cross-Site-Scripting.html
Related Vulnerabilities
axios Improper Input Validation Vulnerability (CVE-2019-10742)
WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.2.0 - 3.4.5)
SharePoint Resource Management Errors Vulnerability (CVE-2008-3006)
WordPress Plugin Smart Marketing SMS and Newsletters Forms Security Bypass (2.6.1)