SQL Injection and Unsafe Unserialization in Relevanssi Premium Plugin for WordPress
CVE-2016-10949

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Relevanssi
Vendor
CVE Published:
13 September 2019

Summary

The Relevanssi Premium plugin for WordPress is susceptible to SQL injection attacks due to improper input validation in its handling of user-supplied data. This vulnerability can lead to unsafe unserialization, potentially enabling unauthorized users to execute arbitrary code under specific circumstances. It is crucial for site administrators to update to version 1.14.6.1 or later to mitigate these risks effectively.

References

https://advisories.dxw.com/advisories/sql-injection-and-u...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.