Cross-Site Request Forgery in Related Posts Plugins for WordPress
CVE-2024-12634

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By Pickplugins
Vendor
CVE Published:
7 March 2025

What is CVE-2024-12634?

The Related Posts, Inline Related Posts, Contextual Related Posts, and Related Content By PickPlugins plugins for WordPress are affected by a Cross-Site Request Forgery vulnerability stemming from inadequate nonce validation. This oversight allows potential attackers to exploit the vulnerability by crafting malicious requests that can trick an administrator into executing unsafe actions, such as clicking a compromised link, thereby injecting harmful scripts without proper authentication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins 2.0.59

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/related-post/t...
https://wordpress.org/plugins/related-post/#developers

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers
JSON
.