cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-32549,https://securityvulnerability.io/vulnerability/CVE-2024-32549,Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in Related Posts for WordPress,"A critical Cross-Site Request Forgery (CSRF) vulnerability has been identified within the Microkid Related Posts plugin for WordPress, specifically impacting versions from n/a through 4.0.3. This vulnerability poses a significant risk as it allows attackers to exploit unsuspecting users, potentially leading to unauthorized actions on their behalf. The resulting Cross-Site Scripting (XSS) can compromise the integrity of the application, allowing attackers to inject malicious scripts into web pages viewed by users. Website administrators are urged to apply necessary patches and updates to mitigate potential risks associated with this vulnerability.",Wordpress,Related Posts For WordPress,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-04-17T08:07:18.833Z,0
CVE-2024-0592,https://securityvulnerability.io/vulnerability/CVE-2024-0592,Cross-Site Request Forgery Vulnerability in Related Posts for WordPress Plugin,"The Related Posts for WordPress plugin is susceptible to Cross-Site Request Forgery (CSRF) due to insufficient nonce validation in the handle_create_link() function. This vulnerability allows unauthenticated attackers to manipulate post relations if they can deceive an administrator into executing a crafted request. Consequently, attackers could access draft and password-protected posts, posing a risk to the confidentiality of sensitive content.",Wordpress,Related Posts For WordPress,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:51.578Z,0
CVE-2021-24537,https://securityvulnerability.io/vulnerability/CVE-2021-24537,Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution,"The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin.",Wordpress,Similar Posts – Best Related Posts Plugin For WordPress,7.2,HIGH,0.001509999972768128,false,,false,false,false,,false,false,2021-11-08T17:34:43.000Z,0
CVE-2021-24482,https://securityvulnerability.io/vulnerability/CVE-2021-24482,Related Posts for WordPress <= 2.0.4 - Authenticated Stored XSS & XFS,"The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.",Wordpress,Related Posts For WordPress,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-07-19T10:53:19.000Z,0
CVE-2021-24211,https://securityvulnerability.io/vulnerability/CVE-2021-24211,WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS),The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser.,Wordpress,WordPress Related Posts,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-04-05T18:27:47.000Z,0
CVE-2021-24180,https://securityvulnerability.io/vulnerability/CVE-2021-24180,Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS),"Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.",Wordpress,Related Posts For WordPress,5.4,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2021-04-05T18:27:45.000Z,0