cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6495,https://securityvulnerability.io/vulnerability/CVE-2023-6495,Stored Cross-Site Scripting Vulnerability Affects YARPP Related Posts Plugin,"The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",Wordpress,Yarpp – Yet Another Related Posts Plugin,4.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-19T08:33:57.218Z,0
CVE-2024-0602,https://securityvulnerability.io/vulnerability/CVE-2024-0602,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP - Yet Another Related Posts Plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping in the admin settings. This vulnerability can be exploited by authenticated attackers with administrator-level permissions on multi-site installations and those with unfiltered_html disabled, enabling them to insert malicious web scripts that execute when users access affected pages.",Wordpress,YARPP – Yet Another Related Posts Plugin,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-02-29T01:43:00.000Z,0
CVE-2023-2433,https://securityvulnerability.io/vulnerability/CVE-2023-2433,Stored Cross-Site Scripting Vulnerability in YARPP Plugin for WordPress,"The YARPP plugin for WordPress is susceptible to stored cross-site scripting vulnerabilities that stem from inadequate input sanitization and output escaping within the 'className' parameter. This vulnerability allows contributor-level attackers to deploy malicious web scripts on affected pages. Once injected, these scripts can execute whenever a user visits the compromised page, potentially leading to unauthorized actions, data exposure, or manipulation of the user experience.",Wordpress,Yarpp – Yet Another Related Posts Plugin,6.4,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2023-07-18T09:15:00.000Z,0