CVE-2025-14719

CWE-89 — SQL Injection4 documents4 sources

Severity

4.9MEDIUM

EPSS

0.0%

top 89.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Relevanssi Unknown Relevanssi Premium

Timeline

PublishedJan 7

Description

The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5unknown/relevanssi_premium< 2.29.0

▶CVEListV5unknown/relevanssi< 4.26.0

🔴Vulnerability Details

GHSA

GHSA-xxq2-fm9w-xjv8: The Relevanssi WordPress plugin before 4↗2026-01-07

▶

CVEList

Relevanssi (Free < 4.26.0, Premium < 2.29.0) - Contributor+ SQLi↗2026-01-07

▶

🕵️Threat Intelligence

Wiz

CVE-2025-14719 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶