73 matches found
YARPP <= 5.30.10 - Missing Authorization
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in the /includes/yarppprosetdisplaytypes.php file in all versions up to, and including, 5.30.10. This makes it possible for unauthenticated attackers to set displ...
EUVD-2023-12619
Malicious code in bioql PyPI...
EUVD-2022-48271
Malicious code in bioql PyPI...
EUVD-2024-16395
Malicious code in bioql PyPI...
EUVD-2023-33918
Malicious code in bioql PyPI...
EUVD-2022-51815
Malicious code in bioql PyPI...
EUVD-2023-58726
Malicious code in bioql PyPI...
CVE-2024-43919
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10...
CVE-2024-0602
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-0579
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statements, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks...
CVE-2023-6495
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-2433
The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in page...
CVE-2022-4471
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-45374
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion. This issue affects YARPP: from n/a through 5.30.4...
CVE-2024-43919 WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 - Broken Access Control vulnerability
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10...
CVE-2024-43919
CVE-2024-43919 affects the YARPP plugin for WordPress up to version 5.30.10, with a missing authorization capability check allowing unauthenticated modification of display types (broken access control). The Nuclei template corroborates a Missing Authorization flaw in YARPP
PT-2024-30779 · Yarpp · Yarpp
Name of the Vulnerable Software and Affected Versions: YARPP versions n/a through 5.30.10 Description: The issue is related to an Access Control vulnerability in YARPP, which allows unauthorized access. Recommendations: For versions n/a through 5.30.10, update to a version later than 5.30.10 to...