Description
WordPress Plugin Relevanssi Premium-A Better Search is prone to multiple vulnerabilities, including SQL injection and arbitrary code execution vulnerabilities. Exploiting these issues could allow an attacker to access or modify data, to execute arbitrary commands with the privileges of the user running the application, to compromise the application or the underlying database, or to compromise a vulnerable system. WordPress Plugin Relevanssi Premium-A Better Search version 1.14.4 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.14.6.1 or latest
References
http://seclists.org/fulldisclosure/2016/Nov/109
http://seclists.org/fulldisclosure/2016/Nov/108
https://packetstormsecurity.com/files/139802/Relevanssi-Premium-1.14.4-Code-Execution.html
https://packetstormsecurity.com/files/139803/Relevanssi-Premium-1.14.4-SQL-Injection.html
Related Vulnerabilities
MySQL CVE-2020-14576 Vulnerability (CVE-2020-14576)
MySQL CVE-2012-0496 Vulnerability (CVE-2012-0496)
WordPress Plugin Order XML File Export Import for WooCommerce Cross-Site Request Forgery (1.3.0)
XOOPS Other Vulnerability (CVE-2005-2112)
Oracle Database Server CVE-2019-2734 Vulnerability (CVE-2019-2734)