PT-2026-1561 · WordPress · Relevanssi Premium+1
Drew Webber · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-14719
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Relevanssi WordPress plugin versions prior to 4.26.0
Relevanssi Premium WordPress plugin versions prior to 2.29.0
Description
The Relevanssi and Relevanssi Premium WordPress plugins do not properly sanitize and escape a parameter before using it in a SQL statement. This allows users with the Contributor role or higher to perform SQL injection attacks. Because the vulnerable parameter is used within a SQL query, malicious SQL can potentially be injected and executed on the database server.
Recommendations
Update Relevanssi to version 4.26.0 or later.
Update Relevanssi Premium to version 2.29.0 or later.
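To triage installations against the fixed versions listed above, the following added example (not part of the advisory and not code from the Relevanssi project) reads the standard WordPress `Plugin Name` and `Version` header fields from a plugin's main PHP file and classifies it. The header names `Relevanssi` and `Relevanssi Premium` are assumed to match the product names in this advisory, and the sample headers are constructed.

```python
import re

# Fixed releases, taken from the advisory text above.
FIXED = {"Relevanssi": (4, 26, 0), "Relevanssi Premium": (2, 29, 0)}

# WordPress plugin header fields sit in the main file's leading comment block.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.IGNORECASE | re.MULTILINE)

def parse_header(php_source):
    """Return (plugin name, version string); either may be None if absent."""
    fields = {}
    # WordPress itself only scans the first 8 KB of the file for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields.get("plugin name"), fields.get("version")

def version_tuple(text):
    """'4.25.1' -> (4, 25, 1); missing parts count as 0, parsing stops at junk."""
    parts = []
    for piece in text.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple((parts + [0, 0, 0])[:3])

def assess(php_source):
    """Classify a plugin main file as 'vulnerable', 'patched' or 'unknown'."""
    name, version = parse_header(php_source)
    # Assumption: header names equal the product names used in the advisory.
    if name not in FIXED or version is None:
        return "unknown"
    return "vulnerable" if version_tuple(version) < FIXED[name] else "patched"

# Constructed sample headers (not copied from the real plugin files).
SAMPLE_FREE = "<?php\n/**\n * Plugin Name: Relevanssi\n * Version: 4.25.1\n */\n"
SAMPLE_PREMIUM = "<?php\n/**\n * Plugin Name: Relevanssi Premium\n * Version: 2.29.0\n */\n"
SAMPLE_OTHER = "<?php\n/**\n * Plugin Name: Some Other Plugin\n * Version: 1.0\n */\n"

if __name__ == "__main__":
    for label, src in [("free", SAMPLE_FREE), ("premium", SAMPLE_PREMIUM),
                       ("other", SAMPLE_OTHER)]:
        print(label, assess(src))
```

Anything reported as `unknown` should be checked by hand, since a renamed or modified header defeats the lookup.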
Affected products
Relevanssi
Relevanssi Premium