Yarpp Yet_another_related_posts_plugin
7 CVEs affecting Yarpp Yet_another_related_posts_plugin. Latest disclosed: 2024-11-01. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-0579 | High | 8.8 | 2023-08-16 | The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow… |
CVE-2022-45374 | High | 7.7 | 2024-05-17 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP… |
CVE-2023-2433 | Medium | 6.4 | 2023-07-18 | The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insuffici… |
CVE-2022-4471 | Medium | 5.4 | 2023-02-13 | The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the sho… |
CVE-2024-43919 | Medium | 5.3 | 2024-11-01 | Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10. |
CVE-2023-6495 | Medium | 4.4 | 2024-06-19 | The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and inc… |
CVE-2024-0602 | Medium | 4.4 | 2024-02-29 | The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and in… |