Relevanssi – A Better Search Security & Risk Analysis
wordpress.org/plugins/relevanssiRelevanssi replaces the default search with a partial-match search that sorts results by relevance. It also indexes comments and shortcode content.
Is Relevanssi – A Better Search Safe to Use in 2026?
Mostly Safe
Score 82/100Relevanssi – A Better Search is generally safe to use. 17 past CVEs were resolved.
The static analysis of Relevanssi v4.26.1 reveals a seemingly clean attack surface with no identified entry points like AJAX handlers, REST API routes, or shortcodes lacking authentication. Furthermore, the code signals indicate a lack of dangerous functions, proper output escaping for all identified outputs, and no file operations or external HTTP requests. The absence of any identified taint flows is also a positive indicator. However, a significant concern arises from the presence of a single SQL query that does not utilize prepared statements, which can be a vector for SQL injection vulnerabilities if the input is not meticulously sanitized before being passed to the query. The plugin's vulnerability history is a major red flag, with a substantial number of known CVEs (17 total) including one critical and three high-severity vulnerabilities. The types of past vulnerabilities also point to recurring issues with SQL injection, cross-site scripting, and authorization flaws. While there are currently no unpatched vulnerabilities, the historical pattern suggests a history of security weaknesses that require constant vigilance and timely patching. The current version appears to have addressed past critical issues, but the historical context warrants caution.
Key Concerns
- SQL query not using prepared statements
- High number of historical CVEs (17 total)
- Historical critical CVEs
- Historical high severity CVEs
Relevanssi – A Better Search Security Vulnerabilities
CVEs by Year
Severity Breakdown
17 total CVEs
Relevanssi < 4.26.0 (Free) < 2.29.0 (Premium) - Authenticated (Contributor+) SQL Injection
Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights
Relevanssi <= 4.24.4 (Free) and <= 2.27.5 (Premium) - Unauthenticated SQL Injection
Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights
Relevanssi – A Better Search <= 4.23.0 (Free) and <= 2.26.0 (Premium) - Authenticated (Contributor+) Stored Cross-Site Scripting
Relevanssi <= 4.22.2 (Free) and <= 2.25.1 (Premium) - Unauthenticated Information Exposure
Relevanssi – A Better Search <= 4.22.1 - Unauthenticated Second Order CSV Injection
Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update
Relevanssi – A Better Search <= 4.22.0 (Free) and <= 2.25.0 (Premium) - Missing Authorization to Unauthenticated Query Log Export
Relevanssi <= 4.21.2 (Free) and < 2.25.0 (Premium) - Missing Authorization to Unauthorized Post Access
Relevanssi – A Better Search < 4.14.6 & Relevanssi – A Better Search Pro < 2.16.5 - Missing Authorization
Relevanssi - A Better Search Free & Premium <= 2.16.3 & 4.14.3 - Stored Cross-Site Scripting
Relevanssi <= 3.6.0 - Authenticated (Admin+) SQL Injection
Relevanssi <= 4.0.4 - Cross-Site Scripting
Relevanssi – A Better Search <= 3.5.7.1 - Stored Cross-Site Scripting
Relevanssi – A Better Search < 3.3.8 - Cross-Site Scripting
Relevanssi <= 3.3 - SQL Injection
Relevanssi – A Better Search Release Timeline
Relevanssi – A Better Search Code Analysis
SQL Query Safety
Relevanssi – A Better Search Attack Surface
WordPress Hooks 2
Maintenance & Trust
Relevanssi – A Better Search Maintenance & Trust
Maintenance Signals
Community Trust
Relevanssi – A Better Search Alternatives
Search Hero
search-hero
Search Hero replaces the default search with a better search that sorts by relevance. Designed for fast performance, and large wordpress sites.
Ajax Search Lite – Live Search & Filter
ajax-search-lite
The Best Ajax Live Search and Filter for WordPress. Live suggestions, Custom Post types, Custom fields, Categories, WooCommerce & Elementor support
Search, Filters & Merchandising for WooCommerce
instantsearch-for-woocommerce
Maximize your store sales with this easy-to-install plugin. Give shoppers a well-designed advanced search bar with live search suggestions.
FiboSearch – Ajax Search for WooCommerce
ajax-search-for-woocommerce
The most popular WooCommerce product search plugin. Gives your users a well-designed advanced AJAX search bar with live search suggestions.
Advanced Woo Search – Product Search for WooCommerce
advanced-woo-search
Advanced WooCommerce product search plugin. Search inside any product field. Support for both AJAX search and search results page.
Relevanssi – A Better Search Developer Profile
3 plugins · 107K total installs
How We Detect Relevanssi – A Better Search
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/relevanssi/css/admin.css/wp-content/plugins/relevanssi/css/search.css/wp-content/plugins/relevanssi/js/admin.js/wp-content/plugins/relevanssi/js/search.js/wp-content/plugins/relevanssi/js/admin.js/wp-content/plugins/relevanssi/js/search.jsrelevanssi/css/admin.css?ver=relevanssi/css/search.css?ver=relevanssi/js/admin.js?ver=relevanssi/js/search.js?ver=HTML / DOM Fingerprints
relevanssi-admin-settingsrelevanssi-admin-section<!-- Relevanssi search results --><!-- End Relevanssi search results --><!-- Relevanssi search result --><!-- Relevanssi result excerpt -->+2 moredata-relevanssi-post-iddata-relevanssi-indexvar relevanssi_vars[relevanssi search_results][relevanssi_search_form][relevanssi_related_posts]