I was alerted yesterday that Relevanssi Premium has an XSS vulnerability. If you are using the “Did you mean” feature, it is possible to construct a search query that contains scripts that are automatically run on the page if the “Did you mean” feature runs.

See the DXWSecurity report on the vulnerability.

Version 1.14.9 fixes this vulnerability. If you use the “Did you mean” feature on your site, upgrade the plugin immediately. There are also other bug fixes and small improvements in the new version:

  • The “Did you mean” function had an XSS vulnerability, which is now removed.
  • Minimum word length wasn’t applied to titles in indexing. It is now fixed. If you think this is a problem, rebuild the index.
  • TablePress compatibility has been improved.
  • Meta query handling has been improved, thanks to Maxime Culea.
  • Improved WP_Query parameter support: setting the query variable sentence to 1 forces a phrase search.

Get the new version from the plugin auto update or from the download page.
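
The class of bug described above, as an added example (not Relevanssi's code and not taken from the DXWSecurity report): a “Did you mean” line built by concatenating the suggestion into HTML, next to a version that encodes the value for each output context. The function names, the /?s= URL layout and the sample input are assumptions made for the illustration.

```php
<?php
// Added illustration only: not Relevanssi's code. Function names, the URL
// layout (/?s=...) and the sample input below are assumptions.

// Vulnerable pattern: a value derived from the search query is
// concatenated into the page as-is, in both the href and the link text.
function did_you_mean_unsafe(string $suggestion): string {
    return '<p>Did you mean: <a href="/?s=' . $suggestion . '">'
         . $suggestion . '</a>?</p>';
}

// Hardened pattern: encode separately for each output context.
function did_you_mean_safe(string $suggestion): string {
    // URL context: percent-encode the value, then HTML-escape the attribute.
    $href = htmlspecialchars('/?s=' . rawurlencode($suggestion), ENT_QUOTES, 'UTF-8');
    // HTML text context: escape <, >, & and both quote characters.
    $text = htmlspecialchars($suggestion, ENT_QUOTES, 'UTF-8');
    return '<p>Did you mean: <a href="' . $href . '">' . $text . '</a>?</p>';
}

// Regression check: true when no markup from the input survives in the output.
function output_is_inert(string $html): bool {
    // Remove the template's own fixed tags; what remains is the reflected
    // input, which must not contain a raw < or >.
    $rest = preg_replace('#</?p>|<a href="[^"<>]*">|</a>#', '', $html);
    return strpbrk($rest, '<>') === false;
}

// Constructed sample: a suggestion derived from a search term carrying markup.
$sample = 'relevansi"><script>alert(1)</script>';

echo "unsafe renderer inert: ";
var_dump(output_is_inert(did_you_mean_unsafe($sample)));
echo "safe renderer inert:   ";
var_dump(output_is_inert(did_you_mean_safe($sample)));
```

In a WordPress theme or plugin, the equivalent escaping helpers are esc_html(), esc_attr() and esc_url().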
