• Resolved Snuwerd

    (@snuwerd)


    Hi,

    I got an email from wpvulndb.com that version 4.0.4 has an XSS vulnerability. Has this been addressed/fixed in the newest version yet? 4.0.7.

    greetings

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author Mikko Saari

    (@msaari)

    Yes, this was fixed immediately after I heard of it, and was already fixed in 4.0.5 (the report says it’ll be fixed in 4.1, but the report is wrong).

    Thread Starter Snuwerd

    (@snuwerd)

    Great!

    @msaari is there a way you can fix the report at https://wpvulndb.com/vulnerabilities/9059?

    I’m getting emails from WP Manager and other platforms alerting me about this vulnerability, but as you said you fixed it in 4.0.5.

    If you can’t change the version from 4.1 to 4.0.5, could you release version 4.1? I bet it’s being annoying to me and also other people.

    Thanks.

    Plugin Author Mikko Saari

    (@msaari)

    I have no way to fix the report; I didn’t create it in the first place.

    I’ve contacted the DB and asked them to fix the version number, but yeah, I’ll probably have to release 4.1 to fix this.

    Plugin Author Mikko Saari

    (@msaari)

    Very swift action from the DB team! The vulnerability is now fixed to have the right version number, and hopefully this’ll reduce the number of false alerts.

    Nice!

    I need to report the status of this issue to my Security Team. You say it was identified and immediately addressed in v4.0.5, but we are still getting reports from (2) two different sources that it is still vulnerable.

    We understand that it is a Cross Scripting issue, but what we don’t understand is WHY it’s still reporting as an issue.

    Please advise.

    Plugin Author Mikko Saari

    (@msaari)

    It was initially reported as fixed in 4.1, so if your sources are still based on that old data, then it’s going to show up as vulnerable.

    I’ll release the next version as 4.1 instead of 4.0.8, that should help.

  • The topic ‘Relevanssi <= 4.0.4 – Cross-Site Scripting (XSS’ is closed to new replies.