cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10937,https://securityvulnerability.io/vulnerability/CVE-2024-10937,Sensitive Information Exposure Vulnerability in Related Posts Plugin,"The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.",Wordpress,"Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By Pickplugins",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-05T08:23:59.347Z,0
CVE-2024-6487,https://securityvulnerability.io/vulnerability/CVE-2024-6487,Inline Related Posts Plugin Could Allow Stored XSS Attacks,"The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-29T06:00:08.552Z,0
CVE-2024-5626,https://securityvulnerability.io/vulnerability/CVE-2024-5626,Reflected Cross-Site Scripting Vulnerability in Inline Related Posts WordPress Plugin,"The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Inline Related Posts,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-07-12T06:00:06.094Z,0
CVE-2023-6257,https://securityvulnerability.io/vulnerability/CVE-2023-6257,Plugin Flaw Exposes Password Protected Posts to Unauthorized Access,"The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-11T05:00:02.030Z,0
CVE-2024-2444,https://securityvulnerability.io/vulnerability/CVE-2024-2444,Inline Related Posts Plugin Vulnerable to Cross-Site Scripting Attacks,"The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-06T05:15:00.000Z,0