Inline Related Posts < 3.5.0 – Admin+ Stored XSS | CVE 2024-2444 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

Put the following payload in the CSS margin-top settings: 0 em" onmouseover=alert(/XSS/)//

The payload will be triggered when moving the mouse over the "See also" link in any post/page

Affects Plugins

intelly-related-posts

Fixed in 3.5.0

References

CVE

URL

https://research.cleantalk.org/cve-2024-2444/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

214e5fd7-8684-418a-b67d-60b1dcf11a48

Timeline

Publicly Published

2024-03-16 (about 1 year ago)

Added

2024-03-16 (about 1 year ago)

Last Updated

2024-03-28 (about 1 year ago)

Other

Published

Title

Published

2024-12-30

Title

Pronamic Google Maps < 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-12-04

Title

Dashboard Widgets Suite < 3.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2021-07-31

Title

WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting

Published

2025-08-22

Title

tli.tl auto Twitter poster <= 3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-03-28

Title

Sydney Toolbox < 1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id