CVE-2025-4054

Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.24.3

Description The issue is related to Stored Cross-Site Scripting via the highlights functionality due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via the search results.

Recommendations For Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.24.3, update to a version later than 4.24.3 to resolve the issue. As a temporary workaround, consider disabling the highlights functionality until a patch is available. Restrict access to search results to minimize the risk of exploitation. Avoid using the search functionality with untrusted input until the issue is resolved.