Every CVE whose affected-product data names Never5 Related Posts, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2015-9361 — CVSS 6.1 (medium): The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2021-24180 — CVSS 5.4 (medium): Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site…
CVE-2022-3506 — CVSS 5.4 (medium): Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
CVE-2024-0592 — CVSS 5.4 (medium): The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including…
CVE-2021-24482 — CVSS 4.8 (medium): The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users…