cleantalk
Vulnerabilities and Security Researches

YARPP – Yet Another Related Posts Plugin, CVE-2024-0602

CVE, Research URL

CVE-2024-0602

Home page URL

Security reports for YARPP – Yet Another Related Posts Plugin

Application

YARPP – Yet Another Related Posts Plugin

Published on
Feb 29, 2024
Research Description
The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 5.30.10.
Status
vulnerable
Previous vulnerability researches
YARPP – Yet Another Related Posts Plugin (CVE-2022-4471) , Jun 07, 2024
YARPP – Yet Another Related Posts Plugin (8355608a0a6abb435f35ab31d7b2dd3177896f21) , Jun 07, 2024
YARPP – Yet Another Related Posts Plugin (CVE-2023-0579) , Jun 07, 2024
YARPP – Yet Another Related Posts Plugin (CVE-2023-2433) , Jun 07, 2024
YARPP – Yet Another Related Posts Plugin (CVE-2022-45374) , Jun 07, 2024
New vulnerability
Post Rating and Review (CVE-2025-6538) , Jun 27, 2025
WP Masonry & Infinite Scroll (CVE-2025-5488) , Jun 27, 2025
Modern Design Library (CVE-2025-5842) , Jun 27, 2025
FastBook – Responsive Appointment Booking and Scheduling System (CVE-2025-25173) , Jun 27, 2025
Zapier for WordPress (CVE-2025-50010) , Jun 27, 2025