Inline Related Posts < 3.6.0 – Subscriber+ Password Protected Post Read | CVE 2023-6257 | Plugin Vulnerabilities

Description

The plugin is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts

Proof of Concept

When logged in as a subscriber, open the following URL and note that the content of password protected posts is displayed : https://example.com/wp-admin/admin-ajax.php?action=irp_list_posts

Affects Plugins

intelly-related-posts

Fixed in 3.6.0

References

CVE

Classification

Type

AUTHBYPASS

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

Verified

Yes

WPVDB ID

19a86448-8d7c-4f02-9290-d9f93810e6e1

Timeline

Publicly Published

2024-03-21 (about 1 year ago)

Added

2024-03-21 (about 1 year ago)

Last Updated

2024-08-29 (about 1 year ago)

Other

Published

Title

Published

2024-10-15

Title

UltimateAI <= 2.8.3 - Limited User Password Reset

Published

2025-04-07

Title

Survey Maker < 5.1.6.4 - Unauthenticated Authorization Bypass

Published

2024-11-04

Title

Social Login - WordPress / WooCommerce Plugin < 2.7.8 - Authentication Bypass

Published

2025-08-22

Title

Simpler Checkout 0.7.0 - 1.1.9 - Authentication Bypass

Published

2025-12-12

Title

JAY Login & Register < 2.5.01 - Authentication Bypass via Cookie