14 matches found
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
EUVD-2019-3529
Malware in sbrugna...
Malicious code in yuzo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 deb22bdfdecb739735dd50a5e0e2fe8329ee260b7236db8112629d7516d081d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...
MAL-2025-48911 Malicious code in yuzo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 deb22bdfdecb739735dd50a5e0e2fe8329ee260b7236db8112629d7516d081d4 Package contains an infostealer and is clearly prepared for using it. Different versions present different variations, newer are based on CStealer. The...
WordPress Yuzo Related Posts Plugin Cross-Site Scripting
A Cross-Site Scripting vulnerability exists in WordPress Yuzo Related Posts plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Design/Logic Flaw
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2019-11869
The CVE-2019-11869 entry concerns the WordPress Yuzo Related Posts plugin before 5.12.94. A cross-site scripting (XSS) flaw arises because the plugin relies on is_admin() to verify the request origin, but that check only confirms the request targets an admin page, not that it comes from an admin ...
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
VulnCheck KEV: CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin...
Yuzo Related Posts Plugin for WordPress Cross-Site Scripting
The WordPress Yuzo Related Posts Plugin installed on the remote host is affected by a Cross-Site Scripting XSS vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
Users Urged to Uninstall WordPress Yuzo Plugin After Flaw Exploited
UPDATE Users of the popular Yuzo Related Posts plugin are being urged to uninstall the plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk. Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is...
WordPress Yuzo Related Posts plugin <=5.12.91 - Broken authentication
Broken authentication and session management allows unauthenticated call any action or update any option on WordPress Yuzo Related Posts plugin versions =5.12.91. Solution 10 April 2019 - this plugin was closed and is no longer available for download...