Description
The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Published: 2026-03-21
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting via plugin settings that allows administrators to inject arbitrary scripts
Action: Apply Patch
AI Analysis

Impact

The Ricerca – advanced search plugin for WordPress contains a stored cross‑site scripting flaw in its configuration page. An authenticated user with administrator-level privileges can insert JavaScript that is later rendered in pages viewed by other users. This enables attackers to deface a site, steal credentials, hijack sessions, or load malicious content. The flaw is rated moderate (CVSS 4.4) and is not listed in the CISA Known Exploited Vulnerabilities catalog.

Affected Systems

Any WordPress installation running Ricerca – advanced search version 1.1.12 or earlier, including multi‑site setups and those that have disabled the unfiltered_html capability, is vulnerable. The affected product is provided by systemsrtk as the Ricerca – advanced search plugin.

Risk and Exploitability

Exploitation requires administrator authentication, meaning the attacker must already possess administrative rights. Once the script is stored via the settings page, it will execute automatically for all users who view affected pages. The moderate CVSS score indicates that while the vulnerability is non‑critical, it can still have significant impact in environments where administrative privileges are widely distributed. No EPSS score is available, so it is unclear how frequently this vulnerability is actively exploited. The absence from the KEV list suggests it has not been widely weaponised yet.

Generated by OpenCVE AI on March 21, 2026 at 06:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ricerca – advanced search to the latest release where this issue is fixed.
  • If an upgrade cannot be applied immediately, disable or remove the plugin from all sites until a patch is available.
  • Verify that the unfiltered_html capability is granted only to trusted administrators; consider disabling it entirely to reduce injection risk.
  • Audit all scripts added via the plugin’s settings and remove any malicious or suspicious code.

Generated by OpenCVE AI on March 21, 2026 at 06:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Systemsrtk
Systemsrtk ricerca – Advanced Search
Wordpress
Wordpress wordpress
Vendors & Products Systemsrtk
Systemsrtk ricerca – Advanced Search
Wordpress
Wordpress wordpress

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Description The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Title Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N'}

Subscriptions

Systemsrtk Ricerca – Advanced Search
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:28:11.722Z

Reserved: 2026-02-19T21:38:17.600Z

Link: CVE-2026-2837

cve-icon Vulnrichment

Updated: 2026-03-23T16:56:38.955Z

cve-icon NVD

Status : Deferred

Published: 2026-03-21T04:17:12.993

Modified: 2026-04-24T16:27:44.277

Link: CVE-2026-2837

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:41:28Z

Weaknesses