CVE-2024-43919 Scanner
CVE-2024-43919 Scanner - Missing Authorization vulnerability in Yet Another Related Posts Plugin
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 6 hours
Scan only one: URL
Toolbox: -
The Yet Another Related Posts Plugin (YARPP) is a WordPress plugin used to display related posts on websites. It is primarily utilized by WordPress site administrators to enhance user engagement by showcasing similar content. The plugin supports various display types, providing customizable options for site owners.
The vulnerability detected in this plugin is Missing Authorization, allowing unauthenticated attackers to set display types via a missing capability check in the `yarpp_pro_set_display_types.php` file. This issue impacts versions up to and including 5.30.10.
Because the affected file performs no capability check (a WordPress `current_user_can()` test or equivalent) before acting on the request, an unauthenticated client can call it directly with a crafted HTTP GET request and have its parameters applied. There is no authentication step to bypass; the authorization step is simply absent, so the request is honoured regardless of who sent it. This is an access-control defect, not an input-validation one: the parameters may be well formed, the problem is that nobody checks whether the caller is allowed to set them.
A successful request changes the plugin's display-type settings without authorization. Since YARPP renders related posts into site pages, a changed display type alters that output site-wide and can disrupt the user experience, and, depending on how the chosen display type is rendered, may be a route for placing unwanted content into pages. The sources listed below document the unauthenticated settings change; any further unauthorized action would depend on what the modified settings allow. Sites running 5.30.10 or earlier should update to a newer release of the plugin.
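The following is an added example, not the scanner product's own check and not YARPP code. It performs the least intrusive test available for this issue: reading the plugin's public `readme.txt` (the standard WordPress plugin layout, at `wp-content/plugins/<slug>/readme.txt`, with the slug `yet-another-related-posts-plugin` taken from the reference URLs) and comparing its `Stable tag` with the last affected release, 5.30.10. It sends nothing to `yarpp_pro_set_display_types.php`. The readme text embedded in the block is a constructed sample so the logic runs offline; the network fetch is an assumption about the target site's layout and is only used when a URL is passed on the command line.

```python
"""Version-based check for CVE-2024-43919 exposure in YARPP.

Added example, not part of the scanner product or the YARPP project.
It reads the plugin's public readme.txt (standard WordPress plugin layout)
and compares the advertised Stable tag with the last affected release,
5.30.10. It does not touch yarpp_pro_set_display_types.php and sends no
crafted request.
"""
import re
import sys
from typing import Optional, Tuple
from urllib.parse import urljoin
from urllib.request import Request, urlopen

PLUGIN_SLUG = "yet-another-related-posts-plugin"  # slug from the plugin's WordPress.org URL
LAST_VULNERABLE = (5, 30, 10)                     # affected up to and including 5.30.10

# Constructed sample of a WordPress plugin readme header, used for offline runs.
SAMPLE_README = """=== Yet Another Related Posts Plugin (YARPP) ===
Contributors: example
Requires at least: 5.1
Tested up to: 6.6
Stable tag: 5.30.10
License: GPLv2 or later
"""

_STABLE_TAG = re.compile(r"^\s*Stable tag:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '5.30.10' into (5, 30, 10); None for non-numeric tags such as 'trunk'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def stable_tag(readme_text: str) -> Optional[str]:
    """Extract the 'Stable tag:' value from a WordPress plugin readme."""
    m = _STABLE_TAG.search(readme_text)
    return m.group(1) if m else None


def is_vulnerable(version_text: str) -> Optional[bool]:
    """True if version <= 5.30.10, False if newer, None if the tag is not numeric."""
    v = parse_version(version_text)
    if v is None:
        return None
    width = max(len(v), len(LAST_VULNERABLE))
    padded = v + (0,) * (width - len(v))
    last = LAST_VULNERABLE + (0,) * (width - len(LAST_VULNERABLE))
    return padded <= last


def readme_url(site: str) -> str:
    """Build the standard public readme path for the plugin under a site root."""
    base = site if site.endswith("/") else site + "/"
    return urljoin(base, f"wp-content/plugins/{PLUGIN_SLUG}/readme.txt")


def fetch_readme(site: str, timeout: float = 10.0) -> Optional[str]:
    """Fetch readme.txt over the network; None if missing, blocked or unreachable."""
    try:
        req = Request(readme_url(site),
                      headers={"User-Agent": "cve-2024-43919-version-check"})
        with urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except Exception:
        return None


def assess(readme_text: Optional[str]) -> str:
    """Map readme contents to 'vulnerable', 'patched', 'unknown' or 'no-readme'."""
    if readme_text is None:
        return "no-readme"
    tag = stable_tag(readme_text)
    if tag is None:
        return "unknown"
    result = is_vulnerable(tag)
    if result is None:
        return "unknown"
    return "vulnerable" if result else "patched"


if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(assess(fetch_readme(sys.argv[1])))   # e.g. python check.py https://example.com
    else:
        print("offline sample:", assess(SAMPLE_README))
```

A version string is only a proxy for the missing check: a site that has back-ported the capability check, blocked `readme.txt`, or stripped the `Stable tag` line will come back as `vulnerable`, `no-readme` or `unknown` respectively, none of which proves the file is callable. Treat `vulnerable` as a prompt to update, and only verify the endpoint itself on sites you are authorized to test.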
REFERENCES
- https://github.com/RandomRobbieBF/CVE-2024-43919
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/yet-another-related-posts-plugin/yarpp-53010-missing-authorization
- https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability?_s_id=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-43919