Description
WordPress Plugin Relevanssi-A Better Search is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. WordPress Plugin Relevanssi-A Better Search version 2.7.2 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 2.7.3 or latest
References
http://www.exploit-db.com/exploits/16233/
http://packetstormsecurity.com/files/98710/Relevanssi-2.7.2-Cross-Site-Scripting.html
Related Vulnerabilities
WordPress Plugin Cooked-Recipe Cross-Site Scripting (1.7.9)
MySQL CVE-2024-21243 Vulnerability (CVE-2024-21243)
WordPress Plugin TextMe SMS Cross-Site Scripting (1.8.8)
WordPress Plugin WooCommerce Unspecified Vulnerability (3.5.3)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-12171)