Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB rrssb allows DOM-Based XSS.This issue affects RRSSB: from n/a through <= 1.0.1.
Published: 2025-04-24
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The lies in the Relentless Apps RRSSB WordPress plugin, which uses improper input neutralization during web page generation. An attacker can inject arbitrary scripts that execute in the browser context, enabling DOM‑based cross‑site scripting. Since the payload runs in the victim’s browser, it can steal session cookies, deface content, or perform other client‑side attacks, but it does not grant direct server‑side compromise.

Affected Systems

The error affects the RRSSB plugin from the initial release up through version 1.0.1. Any WordPress installation running one of these versions and using the plugin is vulnerable. The plugin is distributed under Relentless Apps, and no other WordPress core or plugin components are impacted.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium severity. The EPSS score of less than 1% suggests that widespread exploitation is unlikely as of the latest data. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is user interaction with blog content rendered by the plugin. Attackers could target high‑traffic sites, but currently the exploitation probability remains low.

Generated by OpenCVE AI on May 2, 2026 at 01:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the RRSSB WordPress plugin to a version greater than 1.0.1.
  • If update is unavailable, remove or disable the RRSSB plugin entirely to eliminate the XSS vector.
  • Implement a Content Security Policy that blocks inline scripts and disallows unsafe‑inline execution to mitigate the XSS risk.

Generated by OpenCVE AI on May 2, 2026 at 01:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-12057 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB allows DOM-Based XSS. This issue affects RRSSB: from n/a through 1.0.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB allows DOM-Based XSS. This issue affects RRSSB: from n/a through 1.0.1. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB rrssb allows DOM-Based XSS.This issue affects RRSSB: from n/a through <= 1.0.1.
Title WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability WordPress RRSSB plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Sat, 26 Apr 2025 08:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Relentless Apps RRSSB allows DOM-Based XSS. This issue affects RRSSB: from n/a through 1.0.1.
Title WordPress RRSSB <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:38.054Z

Reserved: 2025-04-24T14:22:30.738Z

Link: CVE-2025-46461

cve-icon Vulnrichment

Updated: 2025-04-24T19:53:28.871Z

cve-icon NVD

Status : Deferred

Published: 2025-04-24T16:15:36.900

Modified: 2026-04-23T15:30:02.177

Link: CVE-2025-46461

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T02:00:15Z

Weaknesses