Medium severity6.1NVD Advisory· Published May 7, 2025· Updated Jun 17, 2026
CVE-2025-4054
CVE-2025-4054
Description
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 (Free) and <= 2.27.4 (Premium), due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page via the search results.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=2.27.4
- Range: <=4.24.3 (Free) and <=2.27.4 (Premium)
Patches
Vulnerability mechanics
References
5- plugins.trac.wordpress.org/browser/relevanssi/tags/4.24.3/lib/excerpts-highlights.phpnvd
- plugins.trac.wordpress.org/browser/relevanssi/tags/4.24.3/lib/excerpts-highlights.phpnvd
- plugins.trac.wordpress.org/changeset/3283795/nvd
- www.relevanssi.com/user-manual/installing-relevanssi-and-adjusting-the-settings/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/6f77f10b-f142-4859-a941-0fbde6ef7fdbnvd
News mentions
0No linked articles in our index yet.