Posted on

Premium 1.14.6 | Free 3.5.6

Relevanssi Premium 1.14.6 and Relevanssi 3.5.6 are important security updates. There’s a SQL injection vulnerability in Relevanssi. It’s not terribly dangerous, as it requires admin access, but it is possible to exploit. Premium also has another security vulnerability: the option import option can be exploited. That exploit also requires admin access.

Both of these vulnerabilities are fixed in these updates.

These updates also fix a small problem where Relevanssi didn’t highlight terms that were followed by a ?, ! or an apostrophe. There’s also a new filter hook relevanssi_ok_to_log that makes it easier to control query logging.

The free version can be downloaded from the repository, Premium can be downloaded through automatic updates or from the download page.

  • slewisma

    This update broke all 5 sites I applied it to. No search results in most cases, PHP errors on front end in a few cases.

    • Yes, it did. Please download the new update, that’ll fix the problem.