EIP-2026-114006

PRE-CVE

WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114006. PoCs published by Saif El-Sherei.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in the Relevanssi WordPress plugin version 2.7.2. The vulnerability allows an attacker to inject malicious HTML code via the 'search Query' variable, which is displayed unsanitized in the 'User Searches' section of the admin dashboard.

Description

WordPress Plugin Relevanssi 2.7.2 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Saif El-Sherei · textwebappsphp

https://www.exploit-db.com/exploits/16233

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in the Relevanssi WordPress plugin version 2.7.2. The vulnerability allows an attacker to inject malicious HTML code via the 'search Query' variable, which is displayed unsanitized in the 'User Searches' section of the admin dashboard.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Relevanssi WordPress plugin 2.7.2

No auth needed

Prerequisites: Log search queries must be enabled in the plugin settings

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026