Support » Plugin: Relevanssi - A Better Search » High risk of plugin code

  • Plugin Author Mikko Saari


    From their site: “A high RIPS CodeRisk does not mean that there is a critical vulnerability in the plugin that can be directly exploited by an attacker, though it is possible. Quite often the affected code is not reachable without prior authentication, so there is no differentiation between authenticated and unauthenticated issues in the value.”

    I’ll see what they have to say. Relevanssi code has been audited by multiple security teams and follows safe WordPress conventions. As far as I can tell, this is a false alert and there are no risks in using Relevanssi.

    Relevanssi has a very limited surface that is exposed to the general public, and all input that Relevanssi gets from users is securely sanitized and validated. There are a couple of unpleasant things that can be done with Relevanssi with an admin account – but if someone has malicious intent and full admin access to your site, them being able to use Relevanssi to slow down your site is the least of your worries.
