Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:11 a.m.10 views

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...

6.1CVSS6.2AI score0.05331EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3529

Malware in sbrugna...

6.1CVSS6.2AI score0.05331EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/19 4:7 p.m.5 views

Malicious code in yuzo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 deb22bdfdecb739735dd50a5e0e2fe8329ee260b7236db8112629d7516d081d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...

7AI score
Exploits0References1
OSV
OSV
added 2025/09/19 4:7 p.m.4 views

MAL-2025-48911 Malicious code in yuzo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 deb22bdfdecb739735dd50a5e0e2fe8329ee260b7236db8112629d7516d081d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...

6.9AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2019/07/01 12:0 a.m.2 views

WordPress Yuzo Related Posts Plugin Cross-Site Scripting

A Cross-Site Scripting vulnerability exists in WordPress Yuzo Related Posts plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.8AI score
Exploits0
Prion
Prion
added 2019/05/09 11:29 p.m.16 views

Design/Logic Flaw

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...

4.3CVSS6.1AI score0.05331EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2019/05/09 11:29 p.m.4 views

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...

6.1CVSS6.4AI score0.05331EPSS
Exploits1References3
NVD
NVD
added 2019/05/09 11:29 p.m.30 views

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...

6.1CVSS6.2AI score0.05331EPSS
Exploits1References3
CVE
CVE
added 2019/05/09 9:24 p.m.163 views

CVE-2019-11869

The CVE-2019-11869 entry concerns the WordPress Yuzo Related Posts plugin before 5.12.94. A cross-site scripting (XSS) flaw arises because the plugin relies on is_admin() to verify the request origin, but that check only confirms the request targets an admin page, not that it comes from an admin ...

6.1CVSS6AI score0.05331EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/05/09 9:24 p.m.35 views

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...

6.1AI score0.05331EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2019/05/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin...

6.1CVSS6.4AI score0.05331EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2019/04/25 12:0 a.m.33 views

Yuzo Related Posts Plugin for WordPress Cross-Site Scripting

The WordPress Yuzo Related Posts Plugin installed on the remote host is affected by a Cross-Site Scripting XSS vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

6.1CVSS6.2AI score0.05331EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2019/04/11 5:19 p.m.107 views

Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited

UPDATE Users of the popular Yuzo Related Posts plugin are being urged to uninstall the plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk. Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is...

7.5CVSS10AI score0.9927EPSS
Exploits45References10
Patchstack
Patchstack
added 2019/04/10 12:0 a.m.9 views

WordPress Yuzo Related Posts plugin <=5.12.91 - Broken authentication

Broken authentication and session management allows unauthenticated call any action or update any option on WordPress Yuzo Related Posts plugin versions =5.12.91. Solution 10 April 2019 - this plugin was closed and is no longer available for download...

3.7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder