CVE-2026-24938
Stored XSS in Better Search ≤ 4.2.1 Enables Persistent Attacks
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| better_search | better_search | to 4.2.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-24938 is a Cross Site Scripting (XSS) vulnerability that allows malicious scripts to be injected and executed on affected websites. Such vulnerabilities can potentially lead to unauthorized access to user data or manipulation of website content, which may impact the confidentiality and integrity of data.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, XSS vulnerabilities generally pose risks that could lead to non-compliance with these regulations due to potential data breaches or unauthorized data exposure.
To mitigate these risks and maintain compliance, it is recommended to update the Better Search plugin to version 4.2.2 or later, where the vulnerability is fixed.
Can you explain this vulnerability to me?
CVE-2026-24938 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Better Search Plugin versions up to and including 4.2.1.
This vulnerability allows a malicious actor to inject and execute malicious scripts such as redirects, advertisements, or other HTML payloads on a website when visitors access it.
Exploitation requires user interaction by a privileged user (author or developer role) performing actions like clicking a malicious link, visiting a crafted page, or submitting a form.
The issue is fixed in version 4.2.2 of the plugin.
How can this vulnerability impact me?
This vulnerability can allow attackers to execute malicious scripts on your website, which may lead to unwanted redirects, display of unauthorized advertisements, or injection of harmful HTML content.
Such actions can compromise the integrity and trustworthiness of your website, potentially affecting user experience and security.
However, exploitation requires interaction by a privileged user, which limits the risk somewhat.
Updating the plugin to version 4.2.2 or later mitigates this vulnerability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-24938 involves identifying attempts to exploit the Stored Cross Site Scripting (XSS) vulnerability in the Better Search WordPress plugin versions up to 4.2.1.
Since exploitation requires a privileged user interacting with malicious input (such as clicking a crafted link or submitting a form), monitoring web server logs for suspicious input patterns or unusual POST requests targeting the Better Search plugin endpoints can help detect attempts.
There are no specific commands provided in the resources to detect this vulnerability directly.
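Since the advisory lists no commands, the following is an added example (not from the advisory or the plugin's own code) of the two checks a WordPress operator can script: reading the installed Better Search version from its plugin header and comparing it against the affected range (up to and including 4.2.1), and scanning access-log request lines for POST requests to the admin area that carry script-like input. The plugin file path, settings-page slug and log lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# From the advisory: every release up to and including 4.2.1 is affected; 4.2.2 is the fix.
LAST_VULNERABLE = (4, 2, 1)

def parse_version(text):
    """Turn '4.2' or '4.2.1' into a 3-tuple of ints, padding missing parts with 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the installed version falls inside the affected range."""
    return parse_version(version) <= LAST_VULNERABLE

def version_from_plugin_header(header_text):
    """Read the 'Version:' line of a WordPress plugin's main PHP file header."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    return m.group(1) if m else None

# Request line of an Apache/nginx combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Script-like fragments in user-controllable input (checked after URL-decoding).
SCRIPT_RE = re.compile(r"<\s*/?\s*(script|img|svg|iframe)\b|\bon[a-z]+\s*=|javascript:", re.I)

def suspicious_requests(log_lines, path_hint="/wp-admin/"):
    """Return (line_no, target) for POST requests under path_hint whose query string
    carries script-like input. Assumption: only the request line is logged, so
    payloads sent in the POST body are invisible here and need a WAF or request log."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "POST" or path_hint not in m["target"]:
            continue
        if SCRIPT_RE.search(unquote(m["target"])):
            hits.append((n, m["target"]))
    return hits

# Constructed sample input (not from the advisory); the settings-page slug is assumed.
SAMPLE_HEADER = "/*\n * Plugin Name: Better Search\n * Version: 4.2.1\n */"
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Feb/2026:10:00:00 +0000] "GET /?s=test HTTP/1.1" 200 512',
    '10.0.0.7 - - [03/Feb/2026:10:00:01 +0000] "POST /wp-admin/options.php?page=better-search&title=%3Cscript%3E HTTP/1.1" 302 0',
    '10.0.0.7 - - [03/Feb/2026:10:00:02 +0000] "POST /wp-admin/options.php?page=better-search HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    v = version_from_plugin_header(SAMPLE_HEADER)
    print(f"Better Search {v}: {'AFFECTED, update to 4.2.2+' if is_affected(v) else 'not affected'}")
    for n, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: script-like input in {target}")
```

On a live host, feed `version_from_plugin_header` the contents of the plugin's main PHP file under `wp-content/plugins/` and `suspicious_requests` the web server's access log; a version hit is the reliable signal, the log scan is a heuristic that needs review.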
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to update the Better Search WordPress plugin to version 4.2.2 or later, where this vulnerability is fixed.
Additionally, users can consider using mitigation services such as Patchstack's auto-update feature for vulnerable plugins to ensure timely patching.