PT-2026-1561 · WordPress · Relevanssi Premium+1

Drew Webber · Published 2026-01-07 · Updated 2026-01-07 · CVE-2025-14719

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Relevanssi WordPress plugin versions prior to 4.26.0
Relevanssi Premium WordPress plugin versions prior to 2.29.0

Description

The Relevanssi and Relevanssi Premium WordPress plugins do not properly sanitize and escape a parameter before its use in a SQL statement. This allows users with contributor roles or higher to execute SQL injection attacks. The vulnerable parameter is used within a SQL query, potentially allowing malicious code to be injected and executed on the database server.

Recommendations

Update Relevanssi to version 4.26.0 or later.
Update Relevanssi Premium to version 2.29.0 or later.

Related Identifiers

CVE-2025-14719

Affected Products

Relevanssi
Relevanssi Premium