Yarpp Yet Another Related Posts Plugin — known CVE vulnerabilities
Every CVE whose affected-product data names Yarpp Yet Another Related Posts Plugin, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-0579 — CVSS 8.8 (high): The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL…
CVE-2022-45374 — CVSS 7.7 (high): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This…
CVE-2023-2433 — CVSS 6.4 (medium): The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including…
CVE-2022-4471 — CVSS 5.4 (medium): The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before outputting them back in a…
CVE-2024-43919 — CVSS 5.3 (medium): Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.
CVE-2023-6495 — CVSS 4.4 (medium): The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all…
CVE-2024-0602 — CVSS 4.4 (medium): The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all…