PLUGIN SECURITY
Is Relevanssi safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Relevanssi WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
relevanssi - Requires PHP: 7.1+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Relevanssi – A Better Search [relevanssi] < 4.0.5 [CVE-2018-9034, WordPress Relevanssi plugin <=4.0.4 - Cross-Site Scripting (XSS) vulnerability, Relevanssi <= 4.0.4 - Cross-Site Scripting, Relevanssi <= 4.0.4 - Cross-Site Scripting (XSS)]
- Relevanssi – A Better Search [relevanssi] < 3.5.8 [CVE-2017-1000038, Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting, Relevanssi <= 3.5.7 - Stored Cross-Site Scripting (XSS)]
- Relevanssi – A Better Search [relevanssi] < 3.3.8 [CVE-2014-9443, WordPress Relevanssi Plugin <= 3.3.7 - XSS, Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting, Relevanssi <= 3.3.7.1 - Cross-Site Scripting (XSS)]
- Relevanssi – A Better Search [relevanssi] < 2.7.3 [WordPress Relevanssi Plugin 2.7.2- Stored XSS]
- Relevanssi – A Better Search [relevanssi] < 4.14.6 [WordPress Relevanssi – A Better Search plugin <= 4.14.5 - Unauthorized AJAX Calls vulnerability]
+ 23 more known vulnerabilities
- Relevanssi – A Better Search [relevanssi] < 4.14.3 [WordPress Relevanssi plugin <= 4.14.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability]
- Relevanssi – A Better Search [relevanssi] < 3.3 [WordPress Relevanssi Plugin <= 3.2 - SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 3.4 [WordPress Relevanssi Plugin - SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 4.14.6 [Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization]
- Relevanssi – A Better Search [relevanssi] < 4.14.4 [Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting]
- Relevanssi – A Better Search [relevanssi] < 3.6.1 [Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 3.3.1 [Relevanssi <= 3.3 - SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 4.14.6 [Relevanssi - Subscriber+ Unauthorised AJAX Calls]
- Relevanssi – A Better Search [relevanssi] < 4.14.3 [Relevanssi - A Better Search < 4.14.3 - Unauthenticated Stored Cross-Site Scripting]
- Relevanssi – A Better Search [relevanssi] < 3.6.1 [Relevanssi <= 3.6.0 - Authenticated Admin SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 2.7.3 [Relevanssi 2.7.2 - Stored XSS]
- Relevanssi – A Better Search [relevanssi] < 3.3 [Relevanssi 3.2 - Unspecified SQL Injection]
- Relevanssi – A Better Search [relevanssi] < 4.22.0 [CVE-2023-7199, Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access, Relevanssi (Free < 4.22.0, Premium < 2.25.0) - Unauthenticated Private/Draft Post Disclosure]
- Relevanssi – A Better Search [relevanssi] < 4.22 [WordPress Relevanssi Plugin < 4.22 is vulnerable to Sensitive Data Exposure]
- Relevanssi – A Better Search [relevanssi] < 4.22.1 [CVE-2024-1380, Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export, Relevanssi < 4.22.1 - Unauthenticated Query Log Export]
- Relevanssi – A Better Search [relevanssi] < 4.22.2 [CVE-2024-3214, Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection, WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to CSV Injection]
- Relevanssi – A Better Search [relevanssi] < 4.22.2 [CVE-2024-3213, Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update, WordPress Relevanssi Premium Plugin <= 2.25.1 is vulnerable to Broken Access Control, WordPress Relevanssi Plugin <= 4.22.1 is vulnerable to Broken Access Control]
- Relevanssi – A Better Search [relevanssi] < 4.23.0 [CVE-2024-7630, Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure, WordPress Relevanssi Plugin <= 4.22.2 is vulnerable to Sensitive Data Exposure]
- Relevanssi – A Better Search [relevanssi] < 4.23.1 [CVE-2024-9021, WordPress Relevanssi Plugin < 4.23.1 is vulnerable to Cross Site Scripting (XSS), Relevanssi – A Better Search <= 4.23.0 (Free) and <= 2.26.0 (Premium) - Authenticated (Contributor+) Stored Cross-Site Scripting]
- Relevanssi – A Better Search [relevanssi] < 4.24.4 [CVE-2025-4054, Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights, EUVD-2025-13660, WordPress Relevanssi Plugin <= 4.24.3 is vulnerable to Cross Site Scripting (XSS)]
- Relevanssi – A Better Search [relevanssi] < 4.24.5 [CVE-2025-4396, Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection, EUVD-2025-14360]
- Relevanssi – A Better Search [relevanssi] < 4.24.6 [CVE-2025-5016, Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights, EUVD-2025-16540]
- Relevanssi – A Better Search [relevanssi] < 4.26.0 [CVE-2025-14719, Relevanssi < 4.26.0 (Free) < 2.29.0 (Premium) - Authenticated (Contributor+) SQL Injection]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- FiboSearch – Ajax Search for WooCommerce — 100000+ active installs — max PHP 8.4
- Ajax Search Lite – Live Search & Filter — 80000+ active installs — max PHP 8.4
- Advanced Woo Search – Product Search for WooCommerce — 70000+ active installs — max PHP 8.4
- ACF: Better Search — 40000+ active installs
- Themify – WooCommerce Product Filter — 20000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.