WordPress · Relevanssi · CVE-2024-9021
Name of the Vulnerable Software and Affected Versions:
Relevanssi WordPress plugin versions prior to 4.23.1
Description:
The issue allows for Stored XSS attacks by embedding malicious scripts, potentially leading to account takeover. This can be exploited by a remote attacker to perform cross-site scripting attacks. The vulnerability exists due to inadequate protection of the webpage structure.
Recommendations:
For versions prior to 4.23.1, update to version 4.23.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of Contributor+ roles to embed scripts until the update is applied.