Skip to main content

Related Posts

7 CVEs product

Monthly

CVE-2024-0592 MEDIUM PATCH This Month

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Related Posts
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-3506 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Related Posts
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-24482 MEDIUM POC This Month

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-24180 MEDIUM POC This Month

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2013-3476 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3257 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-3477 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Related Posts
NVD
CVSS 2.0
6.8
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Related Posts
NVD VulDB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Related Posts
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF WordPress Related Posts
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Related Posts
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy