YARPP Plugin Vulnerable – Critical – 27 Jan 2023

Hi,

Just received a warning regarding… “Yet Another Related Posts Plugin (YARPP)” has a security vulnerability.”

Plugin Name: Yet Another Related Posts Plugin (YARPP)

Current Plugin Version: 5.30.1

Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Yet Another Related Posts Plugin (YARPP)” until a patched version is available. Get more information. (opens in new tab)

Repository URL: https://wordpress.org/plugins/yet-another-related-posts-plugin

Vulnerability Information: The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in versions up to, and including, 5.30.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Please fix?

I’ve recommended this plugin so many times now… those users will not be happy with me for long, if this doesn’t get fixed quickly.

Thank you in advance,
Trish