Relevanssi – A Better Search

Vulnerabilities 28Slug relevanssiLatest version 4.27.0WordPress.org →

Minimum safe version

4.26.0

Update to 4.26.0 or later to address 28 fixable vulnerabilities

Latest available4.27.0 ✓

Medium 4.9

2026-01-07< 4.26.0

CVE-2025-14719

CVE Wordfence

Medium 4.7

2025-05-31< 4.24.6

Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights

EUVD Wordfence CVE

High 7.5

2025-05-13< 4.24.5

Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection

EUVD Wordfence CVE

Medium 6.1

2025-05-07< 4.24.4

Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights

EUVD Wordfence Patchstack CVE

Medium 5.4

2024-10-08< 4.23.1

CVE-2024-9021

CVE Patchstack Wordfence

High 7.5

2024-08-16< 4.23.0

CVE-2024-7630

CVE Patchstack Wordfence

High 8.2

2024-04-09< 4.22.2

CVE-2024-3213

CVE Wordfence Patchstack Patchstack

Critical 9.8

2024-04-09< 4.22.2

CVE-2024-3214

CVE Wordfence Patchstack

Medium 5.3

2024-03-13< 4.22.1

CVE-2024-1380

CVE Wordfence WPScan

N/A

< 4.22

WordPress Relevanssi Plugin < 4.22 is vulnerable to Sensitive Data Exposure

Patchstack

Medium 5.3

2024-01-29< 4.22.0

CVE-2023-7199

CVE Wordfence WPScan

N/A

< 3.3

Relevanssi 3.2 - Unspecified SQL Injection

WPScan

N/A

< 2.7.3

Relevanssi 2.7.2 - Stored XSS

WPScan

N/A

< 3.6.1

Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection

WPScan

N/A

< 4.14.3

Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting

WPScan

N/A

< 4.14.6

Relevanssi - Subscriber+ Unauthorised AJAX Calls

WPScan

N/A

2014-02-25< 3.3.1

Relevanssi <= 3.3 - SQL Injection

Wordfence

N/A

2018-04-10< 3.6.1

Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection

Wordfence

N/A

2021-10-19< 4.14.4

Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting

Wordfence

N/A

2022-02-15< 4.14.6

Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization

Wordfence

N/A

2014-03-04< 3.4

WordPress Relevanssi Plugin - SQL Injection

Patchstack

N/A

2015-05-15< 3.3

WordPress Relevanssi Plugin <= 3.2 - SQL Injection

Patchstack

N/A

2021-10-19< 4.14.3

WordPress Relevanssi plugin <= 4.14.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2022-02-15< 4.14.6

WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability

Patchstack

N/A

2011-02-24< 2.7.3

WordPress Relevanssi Plugin 2.7.2- Stored XSS

Patchstack

N/A

2015-01-03< 3.3.8

Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting

Wordfence CVE Patchstack WPScan

Medium 6.1

2017-07-13< 3.5.8

CVE-2017-1000038

CVE Wordfence WPScan

Medium 5.4

2018-04-09< 4.0.5

WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability

Patchstack CVE Wordfence WPScan