# Exploit Title: Relevanssi User Searches WordPress plugin Stored XSS# Date: 20-2-2011# Author: Saif El-Sherei# Software Link: http://downloads.wordpress.org/plugin/relevanssi.2.7.2.zip# Version: Relevanssi 2.7.2, WordPress 3.0.5# Tested on: FireFox 3.6.13, IE 8# Vendor Response: plugin author released an update to fix this issue
Info:
Relevanssi replaces the standard WordPress search with a better search
engine,with lots of features and configurable options. You'll get better
results, better presentation of results - your users will thank you.
downloaded 34,3963 times.
Details:
Log search queries must be enabled in the plugin settings; A stored XSS
vulnerability exists due to "search Query" variable is displayed & logged
unsanitized in the "User Searches" section in the admin Dashboard, allowing
an attacker to inject malicious HTML code.
POC:<script>alert('XSS');</script>
Solution:
Update to latest plugin version
