WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Relevanssi safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Relevanssi WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: relevanssi
  • Requires PHP: 7.1+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Relevanssi &#8211; A Better Search [relevanssi] < 4.0.5 [CVE-2018-9034, WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability, Relevanssi <= 4.0.4 - Cross-Site Scripting, Relevanssi &lt;= 4.0.4 - Cross-Site Scripting (XSS)]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.5.8 [CVE-2017-1000038, Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting, Relevanssi &lt;= 3.5.7 - Stored Cross-Site Scripting (XSS)]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.3.8 [CVE-2014-9443, WordPress Relevanssi Plugin <= 3.3.7 - XSS, Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting, Relevanssi &lt;= 3.3.7.1 - Cross-Site Scripting (XSS)]
  • Relevanssi &#8211; A Better Search [relevanssi] < 2.7.3 [WordPress Relevanssi Plugin 2.7.2- Stored XSS]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.6 [WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability]
+ 23 more known vulnerabilities
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.3 [WordPress Relevanssi plugin <= 4.14.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.3 [WordPress Relevanssi Plugin <= 3.2 - SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.4 [WordPress Relevanssi Plugin - SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.6 [Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.4 [Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.6.1 [Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.3.1 [Relevanssi <= 3.3 - SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.6 [Relevanssi - Subscriber+ Unauthorised AJAX Calls]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.14.3 [Relevanssi - A Better Search &lt; 4.14.3 - Unauthenticated Stored Cross-Site Scripting]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.6.1 [Relevanssi &lt;= 3.6.0 - Authenticated Admin SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 2.7.3 [Relevanssi 2.7.2 - Stored XSS]
  • Relevanssi &#8211; A Better Search [relevanssi] < 3.3 [Relevanssi 3.2 - Unspecified SQL Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.22.0 [CVE-2023-7199, Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access, Relevanssi (Free &lt; 4.22.0, Premium &lt; 2.25.0) - Unauthenticated Private/Draft Post Disclosure]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.22 [WordPress Relevanssi Plugin < 4.22 is vulnerable to Sensitive Data Exposure]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.22.1 [CVE-2024-1380, Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export, Relevanssi &lt; 4.22.1 - Unauthenticated Query Log Export]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.22.2 [CVE-2024-3214, Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection, WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.22.2 [CVE-2024-3213, Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update, WordPress Relevanssi Premium Plugin <= 2.25.1 is vulnerable to Broken Access Control, WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to Broken Access Control]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.23.0 [CVE-2024-7630, Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure, WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.23.1 [CVE-2024-9021, WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS), Relevanssi – A Better Search <= 4.23.0 (Free) and <= 2.26.0 (Premium) - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.24.4 [CVE-2025-4054, Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights, EUVD-2025-13660, WordPress Relevanssi Plugin <= 4.24.3 is vulnerable to Cross Site Scripting (XSS)]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.24.5 [CVE-2025-4396, Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection, EUVD-2025-14360]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.24.6 [CVE-2025-5016, Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights, EUVD-2025-16540]
  • Relevanssi &#8211; A Better Search [relevanssi] < 4.26.0 [CVE-2025-14719, Relevanssi < 4.26.0 (Free) < 2.29.0 (Premium) - Authenticated (Contributor+) SQL Injection]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.