Never5

never5

8 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Download Monitor

download_monitor

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-0592 1Never5 1Related Posts Jun 17, 2026 Mar 13, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link...Show more The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.Show less
CVE-2023-28931 1Never5 1Post Connector Jun 17, 2026 Aug 8, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.
CVE-2022-3506 1Never5 1Related Posts Jun 17, 2026 Oct 14, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
CVE-2021-24482 1Never5 1Related Posts Jun 17, 2026 Jul 19, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
CVE-2021-24180 1Never5 1Related Posts Jun 17, 2026 Apr 5, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post,...Show more Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.Show less
CVE-2015-9362 1Never5 1Post Connector Nov 21, 2024 Aug 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9361 1Never5 1Related Posts Nov 21, 2024 Aug 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9296 1Never5 1Download Monitor Nov 21, 2024 Aug 13, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.