CVE-2024-5626 Inline Related Posts < 3.7.0 - Reflected XSS

2024-07-1206:00:06

WPScan

github.com

wordpress

reflected cross-site scripting

high privilege

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

17.5%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:data443:inline_related_posts:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "data443",
    "product": "inline_related_posts",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.7.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]