VYPR

Relevanssi Premium

by WordPress

CVEs (5)

  • CVE-2016-10949HigSep 13, 2019
    risk 0.57cvss 8.8epss 0.02

    The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization.

  • CVE-2023-7199MedJan 29, 2024
    risk 0.34cvss 5.3epss 0.01

    The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0 allows any unauthenticated user to read draft and private posts via a crafted request

  • CVE-2025-4054MedMay 7, 2025
    risk 0.33cvss 6.1epss 0.00

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the highlights functionality in all versions up to, and including, 4.24.3 (Free) and <= 2.27.4 (Premium), due to insufficient input sanitization and output escaping. This…

  • CVE-2025-14719MedJan 7, 2026
    risk 0.32cvss 4.9epss 0.00

    The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks

  • CVE-2025-5016MedMay 31, 2025
    risk 0.31cvss 4.7epss 0.00

    The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. This makes it…