Description

The Relevanssi WordPress plugin before 4.26.0 and the Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing users with the contributor role and above to perform SQL injection attacks.

PUBLISHED | Reserved 2025-12-15 | Published 2026-01-07 | Updated 2026-01-07 | Assigner: WPScan

Problem types

CWE-89 SQL Injection

Product status

Relevanssi
Default status: unaffected
Any version before 4.26.0: affected

Relevanssi Premium
Default status: unaffected
Any version before 2.29.0: affected

Credits

Drew Webber (mcdruid): finder

WPScan: coordinator

References

wpscan.com/...rability/bd8e27c7-8f97-4313-b16e-50ac6f0676f5/ (exploit, vdb-entry, technical-description)

cve.org (CVE-2025-14719)

nvd.nist.gov (CVE-2025-14719)