Main Vulnerability Database Vulnerabilities #VU37893

Cross-site scripting in Relevanssi WordPress Plugin - CVE-2017-1000225

Published: November 17, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37893

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-1000225

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mikko Saari

Affected software:
Relevanssi WordPress Plugin

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can

How to mitigate CVE-2017-1000225

Install update from vendor's website.

Sources

https://security.dxw.com/advisories/reflected-xss-in-relevanssi-premium-when-using-relevanssi_didyoumean-could-allow-unauthenticated-attacker-to-do-almost-anything-an-admin-can/

Cross-site scripting in Relevanssi WordPress Plugin - CVE-2017-1000225

Detailed vulnerability description

How to mitigate CVE-2017-1000225

Sources

Please verify you're human