Cross-Site Request Forgery in Related Posts Plugins for WordPress
CVE-2024-12634
6.1 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 7 March 2025
Summary
The Related Posts, Inline Related Posts, Contextual Related Posts, and Related Content By PickPlugins plugins for WordPress are affected by a Cross-Site Request Forgery vulnerability stemming from inadequate nonce validation. An attacker who has not authenticated to the site can craft a malicious request and trick an administrator into performing an action, such as clicking a compromised link, that submits it. The forged request then runs with the administrator's session and can inject harmful scripts.
Affected Version(s)
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins 2.0.59
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers