Stored XSS Vulnerability in Relevanssi Plugin for WordPress
CVE-2017-1000038

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Relevanssi
Vendor
CVE Published:
17 July 2017

Summary

The Relevanssi plugin for WordPress, specifically version 3.5.7.1, contains a vulnerability that allows an attacker to perform stored cross-site scripting (XSS) attacks. This flaw enables unauthorized users to inject malicious JavaScript code into the affected websites, potentially compromising the security of site administrators and users. Attackers could exploit this weakness to execute arbitrary actions on behalf of an authenticated user, posing significant risks to website integrity and user data.

References

https://security.dxw.com/advisories/stored-xss-in-relevan...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.