Vulnerabilities and security researches forintelly-related-posts intelly-related-posts
Direction: descendingJun 16, 2026
Inline Related Posts # 8b9ee477f3905d19661a39145d5228f7ba92588d
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 09, 2021
- Research Description
- Inline Related Posts [intelly-related-posts] < 3.0.5 Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting The Inline Related Posts plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities, to inject arbitrary web scripts that execute in a victim's browser. This only affects multi-site installations, and installations where unfiltered_html has been disabled.
- Affected versions
-
max 3.0.5.
- Status
-
vulnerable
May 09, 2025
Inline Related Posts # CVE-2025-47604
- CVE, Research URL
- Home page URL
- Application
- Date
- May 07, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Risk Mitigation, Inc. Inline Related Posts intelly-related-posts allows Stored XSS.This issue affects Inline Related Posts: from n/a through <= 3.8.0.
- Affected versions
-
max 3.9.0.
- Status
-
vulnerable
Jul 30, 2024
Inline Related Posts # CVE-2024-6487
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 29, 2024
- Research Description
- The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- Affected versions
-
max 3.8.0.
- Status
-
vulnerable
Jul 04, 2024
Inline Related Posts # CVE-2024-5626
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 12, 2024
- Research Description
- The Inline Related Posts WordPress plugin before 3.7.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- Affected versions
-
max 3.7.0.
- Status
-
vulnerable
Jun 07, 2024
Inline Related Posts # CVE-2024-2444
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 06, 2024
- Research Description
- The Inline Related Posts WordPress plugin before 3.5.0 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
- Affected versions
-
max 3.5.0.
- Status
-
vulnerable
Inline Related Posts # CVE-2023-6257
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 11, 2024
- Research Description
- The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts
- Affected versions
-
max 3.6.0.
- Status
-
vulnerable
Inline Related Posts # CVE-2024-31426
- CVE, Research URL
- Home page URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Data443 Inline Related Posts.This issue affects Inline Related Posts: from n/a through 3.3.1.
- Affected versions
-
max 3.4.0.
- Status
-
vulnerable
Inline Related Posts # c816f131b434595adf5aa9bd19bae71edf6c4788
- CVE, Research URL
- Home page URL
- Application
- Date
- Oct 09, 2021
- Research Description
- Inline Related Posts [intelly-related-posts] < 3.0.5 WordPress Inline Related Posts plugin <= 3.0.4 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability discovered by Martin Vierula (Trustwave) in WordPress Inline Related Posts plugin (versions <= 3.0.4).
- Affected versions
-
max 3.0.5.
- Status
-
vulnerable