The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add...
5.4CVSS
6.1AI Score
0.0004EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to...
5.4CVSS
5.3AI Score
0.001EPSS