84 matches found
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 Free and 2.27.6 Premium due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-5016
CVE-2025-5016 affects Relevanssi – A Better Search for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw via the Excerpt Highlights feature in all versions up to 4.24.5 (Free) and 2.27.6 (Premium), caused by insufficient input sanitization and output escaping. Result: unauthentic...
CVE-2025-5016 Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 Free and 2.27.6 Premium due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress plugin Relevanssi 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-23367 · WordPress · Relevanssi
Name of the Vulnerable Software and Affected Versions: Relevanssi – A Better Search plugin for WordPress versions up to, and including, 4.24.5 Free and 2.27.6 Premium Description: The issue is related to Stored Cross-Site Scripting via the Excerpt Highlights due to insufficient input sanitization...
CVE-2024-3213
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssiupdatecounts function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive...
CVE-2024-1380
The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0 Free and 2.25.0 Premium. This makes it possible for unauthenticated attackers ...
CVE-2024-7573
The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST data in the 'search' function. This makes it possible for unauthenticated attackers to inject...
CVE-2024-7630
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.22.2 Free and 2.25.1 Premium via the relevanssidoquery due to insufficient limitations on the posts that are returned when searching. This makes it possible for...
CVE-2024-3214
The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are...
CVE-2024-9021
In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor...
CVE-2014-9443
Cross-site scripting XSS vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-4396 Relevanssi <= 4.24.4 (Free) and <= 2.27.4 (Premium) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.4 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-4396
The CVE-2025-4396 entry documents an unauthenticated, time-based SQL Injection in the Relevanssi – A Better Search WordPress plugin via the cats and tags parameters. Affected versions include all up to 4.24.4 (Free) and up to 2.27.5 (Premium); the root cause is insufficient escaping/processing of...
CVE-2025-4396 Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
PT-2025-20826
Name of the Vulnerable Software and Affected Versions Relevanssi – A Better Search plugin for WordPress versions 4.24.4 and earlier Free and versions 2.27.4 and earlier Premium Description The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats...
WordPress plugin Relevanssi SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
WordPress Relevanssi plugin <= 4.24.4 - Unauthenticated SQL Injection
Unauthenticated SQL Injection vulnerability discovered by Jack Taylor in WordPress Plugin Relevanssi versions = 4.24.4...
CVE-2025-4054
The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 Free and = 2.27.4 Premium, due to insufficient input sanitization and output escaping. This makes it possible for...