WordPress Plugin Vulnerabilities

Related Posts for WordPress < 2.0.5 - Authenticated Stored XSS & XFS

Description

The plugin does not sanitise its heading_text and css settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.

Proof of Concept

Affects Plugins

Plugin icon
related-posts-for-wp
Fixed in 2.0.5

References

CVE
CVE-2021-24482
URL
https://m0ze.ru/vulnerability/[2021-04-18]-[WordPress]-[CWE-79]-Related-Posts-for-WordPress-WordPress-Plugin-v2.0.4.txt
URL
https://plugins.trac.wordpress.org/changeset/2559401/related-posts-for-wp

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter website
https://m0ze.ru
Submitter twitter
vladm0ze
Verified
Yes
WPVDB ID
2f86e418-22fd-4cb8-8de1-062b17cf20a7

Timeline

Publicly Published
2021-05-17 (about 4 years ago)
Added
2021-06-25 (about 4 years ago)
Last Updated
2022-01-02 (about 3 years ago)

Other

Published
Title
Published
2024-10-15
Title
Kama SpamBlock < 1.8.3 - Reflected Cross-Site Scripting
Published
2024-06-04
Title
Brizy – Page Builder < 2.4.44 - Unauthenticated Stored Cross-Site Scripting via Form
Published
2024-10-28
Title
SMSAlert - WooCommerce < 3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode
Published
2025-02-02
Title
SW Plus <= 2.1 - Reflected Cross-Site Scripting
Published
2025-05-20
Title
WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting