Cross-Site Scripting (XSS) vulnerability found in WordPress Relevanssi plugin (versions <=4.0.4). Attackers can inject arbitrary JavaScript or HTML via the GET parameter.
09.04.2018 - Several sources claim that you need to update to the version 4.1, but we were unable to find this version on the plugin page at WordPress.org