CVE-2016-10949 – Relevanssi Premium < 1.14.6.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2016-10949
The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. • https://advisories.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-9443 – Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-9443
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/61744 https://wordpress.org/plugins/relevanssi/changelog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')