cleantalk
Vulnerabilities and Security Researches

Custom Related Posts, CVE-2024-12825

CVE, Research URL

CVE-2024-12825

Home page URL

Security reports for Custom Related Posts

Application

Custom Related Posts

Published on
Feb 01, 2025
Research Description
The Custom Related Posts plugin for WordPress is vulnerable to unauthorized access & modification of data due to a missing capability check on three AJAX actions in all versions up to, and including, 1.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to search posts and link/unlink relations.
Affected versions
Min -, max 1.7.4.
Status
vulnerable
Previous vulnerability researches
Custom Related Posts (CVE-2025-46227) , Apr 24, 2025
Custom Related Posts (CVE-2024-12825) , Feb 03, 2025
New vulnerability
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-39378) , Apr 25, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9230) , Apr 25, 2025
Capturly (CVE-2025-39379) , Apr 25, 2025
Frontend Login and Registration Blocks (CVE-2025-3607) , Apr 25, 2025
Ultimate Dashboard – Custom WordPress Dashboard (CVE-2025-1523) , Apr 25, 2025