CVE-2025-5016
📋 TL;DR
The Relevanssi WordPress plugin has a stored XSS vulnerability in excerpt highlighting functionality. Unauthenticated attackers can inject malicious scripts that execute when users view affected pages. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Relevanssi – A Better Search WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal admin credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.
Likely Case
Attackers inject malicious scripts to steal user session cookies, redirect to phishing pages, or display unwanted content.
If Mitigated
With proper WAF rules and content security policies, script execution could be blocked, limiting impact to script injection without execution.
🎯 Exploit Status
Stored XSS vulnerabilities are commonly exploited, and unauthenticated access makes this particularly dangerous.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Free: 4.24.6+, Premium: 2.27.7+
Vendor Advisory: https://wordpress.org/plugins/relevanssi/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Relevanssi plugin. 4. Click 'Update Now' if available. 5. If manual update needed, download latest version from WordPress.org and replace plugin files.
🔧 Temporary Workarounds
Disable Excerpt Highlighting
allTemporarily disable the vulnerable excerpt highlighting feature
Add to theme's functions.php: add_filter('relevanssi_highlight_excerpt', '__return_false');
Content Security Policy
allImplement CSP headers to restrict script execution
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to wp-config.php: header("Content-Security-Policy: default-src 'self'; script-src 'self'");
🧯 If You Can't Patch
- Disable the Relevanssi plugin entirely until patched
- Implement web application firewall rules to block XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Relevanssi versionCheck Version:
wp plugin list --name=relevanssi --field=versionVerify Fix Applied:
Verify plugin version is Free 4.24.6+ or Premium 2.27.7+📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to search endpoints
- Script tags in search/excerpt parameters
- Multiple failed XSS attempts
Network Indicators:
- Inbound requests with script payloads in parameters
- Outbound connections to suspicious domains after search queries
SIEM Query:
source="wordpress.log" AND ("relevanssi" OR "excerpt") AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")