WordPress Plugin Vulnerabilities

YARPP – Yet Another Related Posts Plugin 4.2.4 - CSRF / XSS / RCE

Description

The options of 'Yet Another Related Posts Plugin' can be updated without any token/nonce protection. An attacker may exploit this by tricking the website's administrator into visiting a crafted page that silently changes the YARPP options. Since some of those options allow HTML, the attacker can inject malicious JavaScript into them, which can lead to code execution or administrator-level actions when the injected code is triggered by an admin user.
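The issue described above is a missing nonce and capability check on an options form handler, combined with HTML being stored and echoed unsanitised. The following is an added example, not YARPP's code and not part of this advisory: a minimal WordPress options handler written in the vulnerable shape, beside a hardened version using the standard WordPress APIs (`wp_nonce_field`, `check_admin_referer`, `current_user_can`, `wp_kses_post`). The option name `demo_related_footer`, the action `demo_save_related_options` and the nonce field name `_demo_nonce` are hypothetical.

```php
<?php
// Added example (not YARPP's code). Option name 'demo_related_footer',
// action 'demo_save_related_options' and nonce field '_demo_nonce' are hypothetical.

// --- Vulnerable pattern: no nonce, no capability check, raw HTML stored ---
function demo_save_options_insecure() {
    if ( isset( $_POST['related_footer'] ) ) {
        // Any POST carrying this field updates the option, including one
        // submitted by a page the administrator was lured to (CSRF). The
        // value is later echoed in admin pages, so script in it runs as the admin.
        update_option( 'demo_related_footer', wp_unslash( $_POST['related_footer'] ) );
    }
}

// --- Hardened pattern ---
function demo_render_options_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_related_options">
        <?php wp_nonce_field( 'demo_save_related_options', '_demo_nonce' ); ?>
        <textarea name="related_footer"><?php
            echo esc_textarea( get_option( 'demo_related_footer', '' ) );
        ?></textarea>
        <?php submit_button(); ?>
    </form>
    <?php
}

function demo_save_options_secure() {
    // 1. Capability check: only users permitted to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. Nonce check: rejects requests lacking a token bound to this action
    //    and this user's session. check_admin_referer() dies on failure.
    check_admin_referer( 'demo_save_related_options', '_demo_nonce' );

    // 3. Sanitise on input: keep only post-safe HTML (no <script>, no on* handlers).
    $footer = isset( $_POST['related_footer'] ) ? wp_unslash( $_POST['related_footer'] ) : '';
    update_option( 'demo_related_footer', wp_kses_post( $footer ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'options-general.php' ) ) );
    exit;
}
add_action( 'admin_post_demo_save_related_options', 'demo_save_options_secure' );

// 4. Filter on output too, so a value stored by an older, unprotected path
//    still cannot execute script in the administrator's browser.
function demo_print_related_footer() {
    echo wp_kses_post( get_option( 'demo_related_footer', '' ) );
}
```

The nonce closes the CSRF hole, the capability check stops lower-privileged logged-in users from changing the setting even with a valid nonce, and `wp_kses_post` applied on both save and display removes the stored-XSS path independently of the first two controls.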

Proof of Concept

Affects Plugins

References

Miscellaneous

Submitter
A. Samman
Verified
No

Timeline

Publicly Published
2015-05-08 (about 11 years ago)
Added
2015-05-08 (about 11 years ago)
Last Updated
2023-01-19 (about 3 years ago)

Other