WordPress Plugin Vulnerabilities

Inline Related Posts < 3.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Plugin icon
intelly-related-posts
Fixed in 3.9.0

References

CVE
CVE-2025-47604
URL
https://patchstack.com/database/wordpress/plugin/intelly-related-posts/vulnerability/wordpress-inline-related-posts-3-8-0-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.4 (medium)

Miscellaneous

Original Researcher
muhammad yudha
Verified
No
WPVDB ID
6214ee75-377f-43eb-874a-3201e159872c

Timeline

Publicly Published
2025-05-07 (about 1 year ago)
Added
2025-05-13 (about 1 year ago)
Last Updated
2026-01-12 (about 4 months ago)

Other

Published
Title
Published
2014-10-06
Title
Easy Forms for MailChimp 3.0 - 5.0.6 Stored XSS
Published
2021-07-27
Title
Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)
Published
2015-03-04
Title
Plugin Info Card <= 2.3.6 - Authenticated XSS
Published
2013-02-27
Title
Events Manager < 5.3.6.1 - Multiple Cross-Site Scripting (XSS)
Published
2024-05-21
Title
Piotnet Addons For Elementor < 2.4.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widget Attributes