CVE-2019-11869

Name of the Vulnerable Software and Affected Versions Yuzo Related Posts plugin version 5.12.94

Description The issue arises from the plugin mistakenly assuming that the is admin() function verifies the request origin as an admin user, when in fact it only checks if the request is for an admin page. This allows an unauthenticated attacker to inject malicious payload into the plugin settings, such as the yuzo related post css and style setting.

Recommendations For Yuzo Related Posts plugin version 5.12.94, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin settings to minimize the risk of malicious payload injection. Avoid using the yuzo related post css and style setting in the plugin until the issue is resolved.