https://jacktaylor.tech/tags/relevanssi/Recent content in Relevanssi on Jack TaylorHugoenjack@jacktaylor.tech (Jack Taylor)jack@jacktaylor.tech (Jack Taylor)Sun, 12 Apr 2026 00:47:49 +0900https://jacktaylor.tech/2026/04/how-i-found-sql-injection-on-100000-wordpress-sites/Sun, 12 Apr 2026 00:47:49 +0900jack@jacktaylor.tech (Jack Taylor)https://jacktaylor.tech/2026/04/how-i-found-sql-injection-on-100000-wordpress-sites/<p>I recently reported an unauthenticated <a href="https://en.wikipedia.org/wiki/SQL_injection">SQL injection</a> in <a href="https://www.relevanssi.com/">Relevanssi</a>, a WordPress search plugin that was active on more than 100,000 sites. There were two things that made this bug especially fun to work on: first, a type confusion issue where input that only <em>looked</em> like a numeric term ID could carry extra SQL with it, and second, an exploitation trick where one SQL injection payload was smuggled inside another in order to get around the limitations of the first query.</p>