30 matches found
WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF Vulnerability
Exploit for php platform in category web applications Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespag...
Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE
'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed...
Related Posts < 1.8.2 - XSS
The related-posts WordPress plugin was affected by a XSS security vulnerability...
CVE-2013-3476
Cross-site request forgery CSRF vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...
CVE-2013-2710
Cross-site request forgery CSRF vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via unspecified vectors...
CVE-2013-3257
Summary of CVE-2013-3257 (WordPress Related Posts plugin): The Related Posts plugin for WordPress is affected by a CSRF vulnerability in versions before 2.7.2 that allows remote attackers to hijack the authentication of users and perform settings-modification actions via unspecified vectors. The ...
CVE-2013-3476
The CVE concerns the WordPress Related Posts plugin (prior to version 2.6.2) for WordPress, where a Cross-Site Request Forgery (CSRF) vulnerability could allow remote attackers to hijack user authentication and perform settings changes via unspecified vectors. The underlying issue is a CSRF flaw ...
CVE-2013-3257
Cross-site request forgery CSRF vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
CVE-2011-0760
CVE-2011-0760 affects the WP Related Posts WordPress plugin (version 1.0). The vulnerability is a cross-site request forgery (CSRF) in the plugin’s configuration screen, enabling remote attackers to hijack administrator sessions and inject cross-site scripting (XSS) via the parameters wp_relatedp...