CVE-2024-43919
- EPSS 84.19%
- Published 01.11.2024 15:15:48
- Last modified 13.11.2024 15:02:22
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.
CVE-2023-6495
- EPSS 0.14%
- Published 19.06.2024 09:15:10
- Last modified 27.02.2025 15:15:08
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it pos...
CVE-2022-45374
- EPSS 0.96%
- Published 17.05.2024 07:15:47
- Last modified 05.03.2025 18:25:53
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.
- EPSS 0.19%
- Published 29.02.2024 01:43:22
- Last modified 26.02.2025 15:14:42
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it p...
CVE-2023-2433
- EPSS 0.12%
- Published 18.07.2023 09:15:11
- Last modified 21.11.2024 07:58:36
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level at...
CVE-2022-4471
- EPSS 0.49%
- Published 13.02.2023 15:15:16
- Last modified 21.03.2025 20:15:13
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Sto...