WordPress Plugin Vulnerabilities

Relevanssi Premium < 1.14.6.1 - SQL Injection & PHP Object Injection

Description

The relevanssi-premium WordPress plugin was affected by a SQL Injection & PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
relevanssi-premium
Fixed in 1.14.6.1

References

CVE
CVE-2016-10949
URL
https://advisories.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/
URL
https://www.relevanssi.com/
URL
https://seclists.org/fulldisclosure/2016/Nov/109

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
5c9b3d02-b23c-4d35-91f3-68570f808237

Timeline

Publicly Published
2016-11-17 (about 9 years ago)
Added
2016-11-21 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-07-11
Title
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities
Published
2015-05-13
Title
Booking Calendar Contact Form <= 1.0.2 - Multiple Authenticated Vulnerabilities
Published
2014-08-01
Title
Google Alert And Twitter 3.1.5 - XSS Exploit, SQL Injection
Published
2014-08-01
Title
Spider Calendar 1.3.0 - Multiple Vulnerabilities
Published
2015-01-03
Title
SimpleFlickr 3.0.3 - CSRF & XSS