CVE-2024-2444
CVE-2024-2444 affects the Inline Related Posts WordPress plugin (before 3.5.0). The issue is stored XSS due to insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., Administrators) to perform Cross-Site Scripting attacks. The vulnerability is exploitable via...
CVE-2023-6257
CVE-2023-6257 affects the WordPress plugin Inline Related Posts (before v3.6.0). The root cause is missing authorization in an AJAX action that serves post content to authenticated users, enabling subscribers to read content from password-protected posts. Reported base CVSS v3.1 score is 4.3 (Med...
CVE-2024-6487
CVE-2024-6487 affects the Inline Related Posts WordPress plugin prior to 3.8.0. The issue is due to insufficient sanitization/escaping of plugin settings, which could allow high-privilege users (e.g., Administrators) to perform Stored XSS, including scenarios where unfiltered_html is disallowed (...
CVE-2024-5626
CVE-2024-5626 affects the Inline Related Posts WordPress plugin prior to version 3.7.0. The issue is that a parameter is not properly sanitized/escaped before being output, causing a Reflected XSS that could target high-privilege users (e.g., admins). The recommended fix is to upgrade to version ...