Posted on

Premium 1.14.6 | Free 3.5.6

Relevanssi Premium 1.14.6 and Relevanssi 3.5.6 are important security updates. There’s a SQL injection vulnerability in Relevanssi. It’s not terribly dangerous, as it requires admin access, but it is possible to exploit. Premium also has another security vulnerability: the option import option can be exploited. That exploit also requires admin access.

Both of these vulnerabilities are fixed in these updates.

These updates also fix a small problem where Relevanssi didn’t highlight terms that were followed by a ?, ! or an apostrophe. There’s also a new filter hook relevanssi_ok_to_log that makes it easier to control query logging.

The free version can be downloaded from the repository, Premium can be downloaded through automatic updates or from the download page.

2 comments Premium 1.14.6 | Free 3.5.6

  1. This update broke all 5 sites I applied it to. No search results in most cases, PHP errors on front end in a few cases.

Leave a Reply

Are you a Relevanssi Premium customer looking for support? Please use the Premium support form.

Your email address will not be published. Required fields are marked *