Relevanssi Premium 1.14.6 and Relevanssi 3.5.6 are important security updates. There’s a SQL injection vulnerability in Relevanssi. It’s not terribly dangerous, as it requires admin access, but it is possible to exploit. Premium also has another security vulnerability: the option import option can be exploited. That exploit also requires admin access.
Both of these vulnerabilities are fixed in these updates.
These updates also fix a small problem where Relevanssi didn’t highlight terms that were followed by a ?, ! or an apostrophe. There’s also a new filter hook
relevanssi_ok_to_log that makes it easier to control query logging.
The free version can be downloaded from the repository, Premium can be downloaded through automatic updates or from the download page.
2 comments Premium 1.14.6 | Free 3.5.6
This update broke all 5 sites I applied it to. No search results in most cases, PHP errors on front end in a few cases.
Yes, it did. Please download the new update, that’ll fix the problem.