WordPress Plugin Vulnerabilities

Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection

Description

The Relevanssi – A Better Search WordPress plugin was affected by an Authenticated Admin SQL Injection security vulnerability.

Affects Plugins

Plugin icon
relevanssi
Fixed in 3.6.1

References

URL
https://advisories.dxw.com/advisories/sqli-relevanssi/
URL
https://seclists.org/fulldisclosure/2018/Apr/20

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
04c725bb-7972-479f-88da-44b2d91f6698

Timeline

Publicly Published
2017-10-03 (about 8 years ago)
Added
2018-04-12 (about 8 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-01-06
Title
Altra Side Menu <= 2.0 - Admin+ SQL Injection
Published
2019-01-07
Title
Ninja Forms < 3.3.21.2 - SQL Injection
Published
2015-10-23
Title
wp-championship <= 5.8 - Authenticated Blind SQL Injection
Published
2025-06-27
Title
Hover Effects < 2.1.3 - Authenticated (Administrator+) SQL Injection
Published
2025-07-16
Title
Pinterest Automatic Pin < 4.19.0 - Authenticated (Subscriber+) SQL Injection