Title: Update
Last modified: September 26, 2024

---

# Update

 *  Resolved [kkow](https://wordpress.org/support/users/kkow/)
 * (@kkow)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/update-713/)
 * It’s been almost a month, can we please get an update on the patch. Is it in 
   the works at least?
 * Thank you

Viewing 15 replies - 1 through 15 (of 17 total)

1 [2](https://wordpress.org/support/topic/update-713/page/2/?output_format=md) [→](https://wordpress.org/support/topic/update-713/page/2/?output_format=md)

 *  [John](https://wordpress.org/support/users/dsl225/)
 * (@dsl225)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/update-713/#post-18050686)
 * This plugin seems to be dead.
 * Moving here: [https://wordpress.org/plugins/related-posts-for-wp/](https://wordpress.org/plugins/related-posts-for-wp/)
 *  [circlecast](https://wordpress.org/support/users/circlecast/)
 * (@circlecast)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/update-713/#post-18055828)
 * Yeah and you might want to change plug ins it appears that there is a security
   vulnerability
   [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization)
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/update-713/#post-18061027)
 * Hi [@kkow](https://wordpress.org/support/users/kkow/) We’re looking into the 
   issue. Thank you for your patience.
 *  [gw808092](https://wordpress.org/support/users/gw808092/)
 * (@gw808092)
 * [1 year, 9 months ago](https://wordpress.org/support/topic/update-713/#post-18066761)
 * [@jeffparker](https://wordpress.org/support/users/jeffparker/) Please, kindly
   update your plugin vulnerability issue as soon as possible. Thanks
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18082092)
 * We have reached out to Patchstack, who has published this, for more information.
   We don’t seem to have any record of being notified by them. We have since reached
   out to them and are awaiting details on how to replicate the bug. It should be
   resolved shortly after we get the necessary information from them.
 * As noted by Patchstack (the one that found the bug and published the report),
   this issue has **“a low severity impact and is unlikely to be exploited.”**  …
   as per [https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability](https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability)
 * Again, thank you for your patience.
 *  [Trish](https://wordpress.org/support/users/trible/)
 * (@trible)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18083650)
 * [YARPP](https://wordpress.org/support/users/jeffparker/) (@jeffparker) 
   Wordfence
   has posted on this security issue here: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization)
   Please, do fix a.s.a.p?Thanks,Trish
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18084205)
 * Hi [@trible](https://wordpress.org/support/users/trible/) We’re on it. Hope to
   hear back from Patchstack soon.
 *  [Pjotter](https://wordpress.org/support/users/pjvermij/)
 * (@pjvermij)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18086265)
 * Hi all, Really Simple Security is listing this vulnerability this way:
 * ————
 * Access violation vulnerability in YARPP – Yet Another Related Posts Plugin 5.30.10
    - [[[CVE-2024-43919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43919)
 *  - Severity: medium-risk
    - Status: Open
    - Publication: August 26, 2024
 * The YARPP plugin for WordPress has a security issue that allows unauthorized 
   access. This means that anyone can perform actions without being properly authenticated.
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18087006)
 * We’re yet to hear back from Patchstack. Followed up with them again today.
 * [@pjvermij](https://wordpress.org/support/users/pjvermij/) it seems overstated.
   Patchstack is the one that reported the bug. They themselves have assessed it
   as “**a low severity impact and is unlikely to be exploited.**” (published on
   their site) Given we’ve not been told as yet what the actual issue is, we’ll 
   concur until we find out more!
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/#post-18088480)
 * **Update:** We’ve heard back. There is zero risk as the “bug” is in a section
   of code that isn’t even referenced anymore (dead code). Will address.
 *  [asadowski10](https://wordpress.org/support/users/asadowski10/)
 * (@asadowski10)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18099790)
 * [@jeffparker](https://wordpress.org/support/users/jeffparker/)
 * Are you planning a release to remove this dead code?
   This would allow security
   tools to consider that the flaw is no longer present, even if it doesn’t actually
   exist.Thanks
 *  [Pjotter](https://wordpress.org/support/users/pjvermij/)
 * (@pjvermij)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18115789)
 * [@jeffparker](https://wordpress.org/support/users/jeffparker/): That really would
   be great, since I love the plugin 😉
 *  [daniel.vos](https://wordpress.org/support/users/danielvos/)
 * (@danielvos)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18127473)
 * [@jeffparker](https://wordpress.org/support/users/jeffparker/): Please add my
   name to the list of those who are eager to see the “dead code” removed from the
   plugin.
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18127486)
 * Patch coming later today.
 *  Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/)
 * (@jeffparker)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18127602)
 * New version with patch is live! Please update to version **5.30.11** or newer.
 * [https://wordpress.org/plugins/yet-another-related-posts-plugin/#developers](https://wordpress.org/plugins/yet-another-related-posts-plugin/#developers)
 * We have notified Patchstack (reporter of bug). They should mark this as resolved
   soon, which then should make its way to Wordfence and others.
 * Thank you so much for your patience through this. Please update ASAP.

Viewing 15 replies - 1 through 15 (of 17 total)

1 [2](https://wordpress.org/support/topic/update-713/page/2/?output_format=md) [→](https://wordpress.org/support/topic/update-713/page/2/?output_format=md)

The topic ‘Update’ is closed to new replies.

 * ![](https://ps.w.org/yet-another-related-posts-plugin/assets/icon-256x256.png?
   rev=2549977)
 * [YARPP - Yet Another Related Posts Plugin](https://wordpress.org/plugins/yet-another-related-posts-plugin/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/yet-another-related-posts-plugin/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/)
 * [Active Topics](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/reviews/)

 * 23 replies
 * 9 participants
 * Last reply from: [Pjotter](https://wordpress.org/support/users/pjvermij/)
 * Last activity: [1 year, 7 months ago](https://wordpress.org/support/topic/update-713/page/2/#post-18133236)
 * Status: resolved