Lucene search
+L

30 matches found

0day.today
0day.today
added 2015/05/09 12:0 a.m.41 views

WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF Vulnerability

Exploit for php platform in category web applications Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespag...

7.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/05/08 12:0 a.m.10 views

Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed...

0.5AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2015/04/20 12:0 a.m.20 views

Related Posts < 1.8.2 - XSS

The related-posts WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS1.9AI score0.00995EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2014/06/02 3:55 p.m.22 views

CVE-2013-3476

Cross-site request forgery CSRF vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...

6.8CVSS7.2AI score0.0107EPSS
Exploits0References4
NVD
NVD
added 2014/06/02 3:55 p.m.24 views

CVE-2013-2710

Cross-site request forgery CSRF vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via unspecified vectors...

6.8CVSS6.5AI score0.01052EPSS
Exploits0References4
Prion
Prion
added 2014/06/02 3:55 p.m.20 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via unspecified vectors...

6.8CVSS6.7AI score0.01052EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/06/02 3:0 p.m.41 views

CVE-2013-3257

Summary of CVE-2013-3257 (WordPress Related Posts plugin): The Related Posts plugin for WordPress is affected by a CSRF vulnerability in versions before 2.7.2 that allows remote attackers to hijack the authentication of users and perform settings-modification actions via unspecified vectors. The ...

6.8CVSS7.4AI score0.0107EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2014/06/02 3:0 p.m.43 views

CVE-2013-3476

The CVE concerns the WordPress Related Posts plugin (prior to version 2.6.2) for WordPress, where a Cross-Site Request Forgery (CSRF) vulnerability could allow remote attackers to hijack user authentication and perform settings changes via unspecified vectors. The underlying issue is a CSRF flaw ...

6.8CVSS7.4AI score0.0107EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/06/02 3:0 p.m.27 views

CVE-2013-3257

Cross-site request forgery CSRF vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...

7.2AI score0.0107EPSS
Exploits0References4
CVE
CVE
added 2011/03/28 4:0 p.m.45 views

CVE-2011-0760

CVE-2011-0760 affects the WP Related Posts WordPress plugin (version 1.0). The vulnerability is a cross-site request forgery (CSRF) in the plugin’s configuration screen, enabling remote attackers to hijack administrator sessions and inject cross-site scripting (XSS) via the parameters wp_relatedp...

4.3CVSS6.8AI score0.00964EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder