YARPP Plugin Vulnerable – Critical – 27 Jan 2023
Just received a warning regarding… “Yet Another Related Posts Plugin (YARPP)” has a security vulnerability.
Plugin Name: Yet Another Related Posts Plugin (YARPP)
Current Plugin Version: 5.30.1
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Yet Another Related Posts Plugin (YARPP)” until a patched version is available.
Repository URL: https://wordpress.org/plugins/yet-another-related-posts-plugin
Vulnerability Information: The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in versions up to, and including, 5.30.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
I’ve recommended this plugin so many times now… those users will not be happy with me for long, if this doesn’t get fixed quickly.
Thank you in advance,
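
One way to check existing content for the issue the advisory above describes, as an added example that is not part of the original post or the plugin's code: it parses shortcode attributes out of post content and flags values that could break out of HTML markup. The shortcode tag `yarpp`, the attribute names `example_count` and `example_attr`, and the sample posts are assumptions constructed for illustration.

```python
import html
import re

# [tag attrs] -- the shortcode is taken to end at the first closing bracket.
SHORTCODE_RE = re.compile(r"\[(?P<tag>[A-Za-z0-9_-]+)(?P<attrs>[^\]]*)\]")
# name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Markup-breaking characters, inline event handlers and script URLs.
SUSPICIOUS_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript:""", re.IGNORECASE)


def shortcode_attrs(content, tag):
    """Yield the attribute dict of every [tag ...] shortcode in content."""
    for match in SHORTCODE_RE.finditer(content):
        if match.group("tag").lower() != tag:
            continue
        yield {name: dq or sq or bare
               for name, dq, sq, bare in ATTR_RE.findall(match.group("attrs"))}


def audit_posts(posts, tag="yarpp"):  # assumption: the plugin's shortcode tag
    """Return (post id, author role, attribute, value) for each risky value."""
    findings = []
    for post in posts:
        for attrs in shortcode_attrs(post["content"], tag):
            for name, value in attrs.items():
                # Stored content may hold entities; decode before matching.
                if SUSPICIOUS_RE.search(html.unescape(value)):
                    findings.append((post["id"], post["author_role"], name, value))
    return findings


# Constructed sample rows: post id, author role, post content.
# Attribute names are placeholders, not the plugin's documented attributes.
SAMPLE_POSTS = [
    {"id": 101, "author_role": "editor",
     "content": 'Intro text [yarpp example_count="4"] outro.'},
    {"id": 102, "author_role": "contributor",
     "content": "[yarpp example_attr='\" onmouseover=\"alert(1)']"},
    {"id": 103, "author_role": "contributor",
     "content": '[yarpp example_attr="x&quot;&gt;&lt;b&gt;"]'},
    {"id": 104, "author_role": "author", "content": '[gallery ids="1,2"]'},
]

if __name__ == "__main__":
    for finding in audit_posts(SAMPLE_POSTS):
        print(finding)
```

Feed it rows exported from the posts table; any hit from a contributor-level or higher account is worth reviewing by hand before the plugin is re-enabled.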