Vulnerabilities and security researches forintelly-related-posts intelly-related-posts

Jun 07, 2024

CVE, Research URL: CVE-2024-2444
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 06, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions: max 3.5.0.
Status: vulnerable

CVE, Research URL: CVE-2023-6257
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 11, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.6.0 does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
Affected versions: max 3.6.0.
Status: vulnerable

CVE, Research URL: CVE-2024-31426
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1.
Affected versions: max 3.4.0.
Status: vulnerable

CVE, Research URL: c816f131b434595adf5aa9bd19bae71edf6c4788
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Oct 09, 2021
Research Description: Inline Related Posts [intelly-related-posts] < 3.0.5 WordPress Inline Related Posts plugin <= 3.0.4 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability discovered by Martin Vierula (Trustwave) in WordPress Inline Related Posts plugin (versions <= 3.0.4).
Affected versions: max 3.0.5.
Status: vulnerable

Jul 04, 2024

CVE, Research URL: CVE-2024-5626
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Jul 12, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: max 3.7.0.
Status: vulnerable

Jul 30, 2024

CVE, Research URL: CVE-2024-6487
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Jul 29, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 3.8.0.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47604
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Migitation, Inc. Inline Related Posts allows Stored XSS. This issue affects Inline Related Posts: from n/a through 3.8.0.
Affected versions: max 3.8.0.
Status: vulnerable