Posted on

Premium 1.13.2

1.13.2 is a maintenance release and generally recommended, as it fixes minor bugs and a possible XSS vulnerability.

  • Fixed a bug that caused the results to change depending of the order of words in a multi-word search query.
  • Added product_categories and recent_products from WooCommerce to the list of blocked shortcodes.
  • There are improvements in excerpt-building and highlighting, especially when fuzzy search is enabled.
  • Fixed a possible (if quite unlikely) XSS vulnerability.
  • Improved search performance (thanks to MikeNGarrett).
  • Sometimes highlights in documents make the document content disappear. I don’t know why, but I’ve added a fix that should make the content visible (without the highlights) if a problem appears.

The XSS vulnerability is related to stopwords: the list of stopwords is printed out unescaped on the Relevanssi settings page in WP admin dashboard. There’s some potential for a XSS vulnerability there, but in order to attack this way, the attacker needs to have admin rights to your WP site in the first place. 1.13.2 fixes the vulnerability in any case.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.