cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11363,https://securityvulnerability.io/vulnerability/CVE-2024-11363,Reflected Cross-Site Scripting in Related Posts by Taxonomy Plugin for WordPress,"The Related Posts by Taxonomy plugin for WordPress is susceptible to a Reflected Cross-Site Scripting vulnerability due to improper use of functions that modify URL parameters without adequate escaping. This issue affects all versions up to and including 1.0.16. Attackers can exploit this vulnerability to inject malicious scripts into the application if they can manipulate users into clicking crafted links, potentially leading to unauthorized actions on the victim's browser.",Wordpress,Same But Different – Related Posts By Taxonomy,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-07T04:22:15.755Z,0
CVE-2024-10937,https://securityvulnerability.io/vulnerability/CVE-2024-10937,Sensitive Information Exposure Vulnerability in Related Posts Plugin,"The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status.",Wordpress,"Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By Pickplugins",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-12-05T08:23:59.347Z,0
CVE-2024-6487,https://securityvulnerability.io/vulnerability/CVE-2024-6487,Inline Related Posts Plugin Could Allow Stored XSS Attacks,"The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-29T06:00:08.552Z,0
CVE-2024-5626,https://securityvulnerability.io/vulnerability/CVE-2024-5626,Reflected Cross-Site Scripting Vulnerability in Inline Related Posts WordPress Plugin,"The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Inline Related Posts,6.1,MEDIUM,0.0004600000102072954,false,,false,false,true,true,false,false,2024-07-12T06:00:06.094Z,0
CVE-2023-6495,https://securityvulnerability.io/vulnerability/CVE-2023-6495,Stored Cross-Site Scripting Vulnerability Affects YARPP Related Posts Plugin,"The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Yarpp – Yet Another Related Posts Plugin,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T08:33:57.218Z,0
CVE-2024-32549,https://securityvulnerability.io/vulnerability/CVE-2024-32549,Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in Related Posts for WordPress,"A critical Cross-Site Request Forgery (CSRF) vulnerability has been identified within the Microkid Related Posts plugin for WordPress, specifically impacting versions from n/a through 4.0.3. This vulnerability poses a significant risk as it allows attackers to exploit unsuspecting users, potentially leading to unauthorized actions on their behalf. The resulting Cross-Site Scripting (XSS) can compromise the integrity of the application, allowing attackers to inject malicious scripts into web pages viewed by users. Website administrators are urged to apply necessary patches and updates to mitigate potential risks associated with this vulnerability.",Wordpress,Related Posts For WordPress,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-17T08:07:18.833Z,0
CVE-2023-6257,https://securityvulnerability.io/vulnerability/CVE-2023-6257,Plugin Flaw Exposes Password Protected Posts to Unauthorized Access,"The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-11T05:00:02.030Z,0
CVE-2024-2444,https://securityvulnerability.io/vulnerability/CVE-2024-2444,Inline Related Posts Plugin Vulnerable to Cross-Site Scripting Attacks,"The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Inline Related Posts,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-04-06T05:15:00.000Z,0
CVE-2024-0592,https://securityvulnerability.io/vulnerability/CVE-2024-0592,Cross-Site Request Forgery Vulnerability in Related Posts for WordPress Plugin,"The Related Posts for WordPress plugin is susceptible to Cross-Site Request Forgery (CSRF) due to insufficient nonce validation in the handle_create_link() function. This vulnerability allows unauthenticated attackers to manipulate post relations if they can deceive an administrator into executing a crafted request. Consequently, attackers could access draft and password-protected posts, posing a risk to the confidentiality of sensitive content.",Wordpress,Related Posts For WordPress,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:51.578Z,0
CVE-2024-0602,https://securityvulnerability.io/vulnerability/CVE-2024-0602,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP - Yet Another Related Posts Plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the admin settings. This vulnerability can be exploited by authenticated attackers with administrator-level permissions on multi-site installations and those with unfiltered_html disabled, enabling them to insert malicious web scripts that execute when users access affected pages.",Wordpress,YARPP – Yet Another Related Posts Plugin,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-4889,https://securityvulnerability.io/vulnerability/CVE-2023-4889,Stored Cross-Site Scripting in Shareaholic Plugin for WordPress,"The Shareaholic plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes within the 'shareaholic' shortcode. This vulnerability allows authenticated attackers with contributor-level permissions or higher to inject malicious web scripts into pages. These scripts can execute in the browsers of users who access the compromised pages, potentially leading to identity theft, session hijacking, or other malicious exploits.",Wordpress,"Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic",5.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-15T07:15:00.000Z,0
CVE-2023-2433,https://securityvulnerability.io/vulnerability/CVE-2023-2433,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP plugin for WordPress is susceptible to stored cross-site scripting vulnerabilities that stem from inadequate input sanitization and output escaping within the 'className' parameter. This vulnerability allows contributor-level attackers to deploy malicious web scripts on affected pages. Once injected, these scripts can execute whenever a user visits the compromised page, potentially leading to unauthorized actions, data exposure, or manipulation of the user experience.",Wordpress,Yarpp – Yet Another Related Posts Plugin,6.4,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2023-07-18T09:15:00.000Z,0
CVE-2023-0252,https://securityvulnerability.io/vulnerability/CVE-2023-0252,Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS,"The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Contextual Related Posts,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2022-0594,https://securityvulnerability.io/vulnerability/CVE-2022-0594,Shareaholic < 9.7.6 - Information Disclosure,"The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.",Wordpress,"Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic",5.3,MEDIUM,0.0013500000350177288,false,,false,false,false,,false,false,2022-07-25T12:45:37.000Z,0
CVE-2021-24537,https://securityvulnerability.io/vulnerability/CVE-2021-24537,Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution,"The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.",Wordpress,Similar Posts – Best Related Posts Plugin For WordPress,7.2,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2021-11-08T17:34:43.000Z,0
CVE-2021-34654,https://securityvulnerability.io/vulnerability/CVE-2021-34654,Custom Post Type Relations <= 1.0 Reflected Cross-Site Scripting,"The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.",Wordpress,Custom Post Type Relations,6.1,MEDIUM,0.0007600000244565308,false,,false,false,false,,false,false,2021-08-16T19:15:00.000Z,0
CVE-2021-24482,https://securityvulnerability.io/vulnerability/CVE-2021-24482,Related Posts for WordPress <= 2.0.4 - Authenticated Stored XSS & XFS,"The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.",Wordpress,Related Posts For WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-19T10:53:19.000Z,0
CVE-2021-24211,https://securityvulnerability.io/vulnerability/CVE-2021-24211,WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS),The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.,Wordpress,WordPress Related Posts,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-04-05T18:27:47.000Z,0
CVE-2021-24180,https://securityvulnerability.io/vulnerability/CVE-2021-24180,Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS),"Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.",Wordpress,Related Posts For WordPress,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-04-05T18:27:45.000Z,0
CVE-2015-9361,https://securityvulnerability.io/vulnerability/CVE-2015-9361,,The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().,Wordpress,Related Posts,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2019-08-28T11:53:40.000Z,0
CVE-2014-3937,https://securityvulnerability.io/vulnerability/CVE-2014-3937,,SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,Wordpress,Contextual Related Posts,,,0.001829999964684248,false,,false,false,false,,false,false,2014-06-02T15:55:00.000Z,0
CVE-2013-3257,https://securityvulnerability.io/vulnerability/CVE-2013-3257,,Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors.,Wordpress,Related Posts,,,0.0015999999595806003,false,,false,false,false,,false,false,2014-06-02T15:00:00.000Z,0
CVE-2013-2710,https://securityvulnerability.io/vulnerability/CVE-2013-2710,,Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.,Wordpress,Contextual Related Posts,,,0.001339999958872795,false,,false,false,false,,false,false,2014-06-02T15:00:00.000Z,0
CVE-2013-3476,https://securityvulnerability.io/vulnerability/CVE-2013-3476,,Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors.,Wordpress,Related Posts,,,0.0015999999595806003,false,,false,false,false,,false,false,2014-06-02T15:00:00.000Z,0
CVE-2013-3477,https://securityvulnerability.io/vulnerability/CVE-2013-3477,,Cross-site request forgery (CSRF) vulnerability in the Related Posts by Zemanta plugin before 1.3.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change settings via unknown vectors.,Wordpress,Related Posts,,,0.0015999999595806003,false,,false,false,false,,false,false,2014-05-27T15:00:00.000Z,0