CVE-2025-4054 identifies a stored cross-site scripting vulnerability in the Relevanssi – A Better Search plugin for WordPress, versions up to and including 4.24.3. The vulnerability stems from improper neutralization of input during web page generation, specifically within the highlights feature of the plugin. Attackers can exploit this by injecting arbitrary JavaScript code into the search results pages without requiring authentication. When a user accesses a search result page containing the malicious payload, the script executes in the context of the victim’s browser, potentially leading to session hijacking, credential theft, or other malicious actions. The vulnerability is classified under CWE-79, indicating improper input sanitization and output escaping. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reflects that the attack is network-based, requires low attack complexity, no privileges, but does require user interaction and impacts confidentiality and integrity with scope change. Although no public exploits are known yet, the widespread use of WordPress and this popular plugin increases the risk of future exploitation. The lack of a patch link suggests that a fix may not yet be available, emphasizing the need for immediate mitigation steps.

The vulnerability allows unauthenticated attackers to inject persistent malicious scripts into WordPress sites using the Relevanssi plugin, which execute when users view search results. This can lead to theft of sensitive information such as cookies or session tokens, enabling account takeover or unauthorized actions on behalf of users. The integrity of displayed content can be compromised, misleading users or defacing the site. Although availability is not directly affected, the trustworthiness of the affected websites can be severely damaged, potentially leading to reputational harm and loss of user confidence. Organizations relying on this plugin for search functionality face increased risk of targeted attacks, especially those with high user interaction or sensitive data. The scope change in the CVSS vector indicates that the vulnerability can affect resources beyond the initially vulnerable component, increasing the overall risk.

1. Immediately update the Relevanssi plugin to a patched version once available from the vendor or disable the highlights functionality if feasible. 2. Implement a Web Application Firewall (WAF) with rules to detect and block malicious scripts targeting the highlights feature or search input parameters. 3. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts on the website. 4. Sanitize and validate all user inputs on the server side, especially those related to search queries and highlights, to prevent injection of malicious code. 5. Monitor web server and application logs for unusual search queries or repeated attempts to inject scripts. 6. Educate site administrators and users about the risks of clicking on suspicious search results and encourage reporting of anomalies. 7. Consider isolating or sandboxing the search results page to limit the impact of potential script execution. 8. Regularly audit WordPress plugins for vulnerabilities and maintain an up-to-date inventory to prioritize patching.