Vulnerabilities and security researches forintelly-related-posts intelly-related-posts

Jun 07, 2024

CVE, Research URL: CVE-2024-2444
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 06, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions: max 3.5.0.
Status: vulnerable

CVE, Research URL: CVE-2023-6257
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 11, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
Affected versions: max 3.6.0.
Status: vulnerable

CVE, Research URL: CVE-2024-31426
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Apr 15, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1.
Affected versions: max 3.4.0.
Status: vulnerable

CVE, Research URL: c816f131b434595adf5aa9bd19bae71edf6c4788
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Oct 09, 2021
Research Description: Inline Related Posts [intelly-related-posts] < 3.0.5 WordPress Inline Related Posts plugin <= 3.0.4 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability discovered by Martin Vierula (Trustwave) in WordPress Inline Related Posts plugin (versions <= 3.0.4).
Affected versions: max 3.0.5.
Status: vulnerable

Jul 04, 2024

CVE, Research URL: CVE-2024-5626
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Jul 12, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Affected versions: max 3.7.0.
Status: vulnerable

Jul 30, 2024

CVE, Research URL: CVE-2024-6487
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Jul 29, 2024
Research Description: The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 3.8.0.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47604
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: May 07, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Inline Related Posts intelly-related-posts allows Stored XSS.This issue affects Inline Related Posts: from n/a through <= 3.8.0.
Affected versions: max 3.9.0.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: 8b9ee477f3905d19661a39145d5228f7ba92588d
Home page URL: Security reports for Inline Related Posts
Application: Inline Related Posts
Date: Oct 09, 2021
Research Description: Inline Related Posts [intelly-related-posts] < 3.0.5 Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting The Inline Related Posts plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities, to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations, and installations where unfiltered_html has been disabled.
Affected versions: max 3.0.5.
Status: vulnerable