cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6495,https://securityvulnerability.io/vulnerability/CVE-2023-6495,Stored Cross-Site Scripting Vulnerability Affects YARPP Related Posts Plugin,"The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Yarpp – Yet Another Related Posts Plugin,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T08:33:57.218Z,0
CVE-2024-0602,https://securityvulnerability.io/vulnerability/CVE-2024-0602,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP - Yet Another Related Posts Plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the admin settings. This vulnerability can be exploited by authenticated attackers with administrator-level permissions on multi-site installations and those with unfiltered_html disabled, enabling them to insert malicious web scripts that execute when users access affected pages.",Wordpress,YARPP – Yet Another Related Posts Plugin,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-0579,https://securityvulnerability.io/vulnerability/CVE-2023-0579,YARPP - Yet Another Related Posts Plugin < 5.30.3 - Subscriber+ SQLi,"The YARPP WordPress plugin prior to version 5.30.3 suffers from a vulnerability due to the lack of validation and escaping of certain shortcode attributes in SQL statements. This oversight allows authenticated users, including those with low-level access like subscribers, to execute SQL Injection attacks. Such an attack could lead to unauthorized database manipulation and expose sensitive information, making it critical to update to the latest version to mitigate this risk.",Wordpress,Yarpp,8.8,HIGH,0.0008500000112690032,false,,false,false,false,,false,false,2023-08-16T12:15:00.000Z,0
CVE-2023-2433,https://securityvulnerability.io/vulnerability/CVE-2023-2433,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP plugin for WordPress is susceptible to stored cross-site scripting vulnerabilities that stem from inadequate input sanitization and output escaping within the 'className' parameter. This vulnerability allows contributor-level attackers to deploy malicious web scripts on affected pages. Once injected, these scripts can execute whenever a user visits the compromised page, potentially leading to unauthorized actions, data exposure, or manipulation of the user experience.",Wordpress,Yarpp – Yet Another Related Posts Plugin,6.4,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2023-07-18T09:15:00.000Z,0
CVE-2022-4471,https://securityvulnerability.io/vulnerability/CVE-2022-4471,YARPP - Yet Another Related Posts Plugin < 5.30.3 - Contributor+ Stored XSS,"The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,Yarpp,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2023-02-13T14:32:30.170Z,0