CVE-2011-0760

Name of the Vulnerable Software and Affected Versions WP Related Posts plugin version 1.0

Description The issue affects the configuration screen in wp-relatedposts.php, where multiple cross-site request forgery (CSRF) vulnerabilities exist. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences. The vulnerable parameters are wp relatedposts title, wp relatedposts num, and wp relatedposts type.

Recommendations For WP Related Posts plugin version 1.0, avoid using the parameters wp relatedposts title, wp relatedposts num, and wp relatedposts type in the configuration screen until the issue is resolved. As a temporary workaround, consider restricting access to the configuration screen in wp-relatedposts.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.