Continue reading Premium 1.14.9

Premium 1.14.9

I was alerted yesterday that Relevanssi Premium has a XSS vulnerability. If you are using the “Did you mean” feature, it is possible to construct a search query that contains scripts that are automatically run on the page if the “Did you mean” feature runs. See DXWSecurity report on the vulnerability. Version 1.14.9 fixes this…

Read more Premium 1.14.9 0 Comment on Premium 1.14.9
Continue reading Premium 1.14.6 | Free 3.5.6

Premium 1.14.6 | Free 3.5.6

Relevanssi Premium 1.14.6 and Relevanssi 3.5.6 are important security updates. There’s a SQL injection vulnerability in Relevanssi. It’s not terribly dangerous, as it requires admin access, but it is possible to exploit. Premium also has another security vulnerability: the option import option can be exploited. That exploit also requires admin access. Both of these vulnerabilities…

Read more Premium 1.14.6 | Free 3.5.6 2 Comments on Premium 1.14.6 | Free 3.5.6
Continue reading Premium 1.14.5

Premium 1.14.5

Relevanssi Premium 1.14.5 is a recommended release, as it fixes significant bugs that caused failures when custom fields contained arrays and when front-end plugins created posts. Multisite users are happy to find out meta_query support has been added to multisite searches and the post type filters work better. Relevanssi had problems with plus signs in…

Read more Premium 1.14.5 1 Comment on Premium 1.14.5