Description
WordPress Plugin Relevanssi-A Better Search is prone to an HTML injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. WordPress Plugin Relevanssi-A Better Search version 2.7.2 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 2.7.3 or latest
References
http://www.exploit-db.com/exploits/16233/
http://packetstormsecurity.com/files/98710/Relevanssi-2.7.2-Cross-Site-Scripting.html
Related Vulnerabilities
b2evolution Other Vulnerability (CVE-2007-2681)
WordPress Plugin Pondol Form to Mail Cross-Site Scripting (1.1)
WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)
WebLogic CVE-2017-10063 Vulnerability (CVE-2017-10063)
Oracle Database Server CVE-2015-2629 Vulnerability (CVE-2015-2629)