PT-2024-20395 · WordPress · Inline Related Posts

Dmitry Ignatyev · Published 2024-03-27 · Updated 2025-05-08 · CVE-2024-2444

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin, versions prior to 3.5.0

Description: The issue concerns the Inline Related Posts WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as Admin, to perform Cross-Site Scripting attacks, even when unfiltered HTML is disallowed. Over 100,000 WordPress sites are potentially at risk, and attackers could execute Stored XSS, potentially creating JavaScript backdoors.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation. Avoid using the vulnerable settings in the affected plugin until the issue is resolved.
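The following is an added illustration of the bug class the advisory describes (plugin settings stored and echoed without sanitisation or escaping) beside the hardened pattern WordPress provides for it; it is hypothetical example code, not the Inline Related Posts plugin's own source, and the `irp_example_*` names and option keys are invented.

```php
<?php
// Added illustration (not the Inline Related Posts plugin's own code): a hypothetical
// settings page showing the weak pattern the advisory describes beside a hardened one.

// --- Weak pattern: raw POST stored, raw option echoed back into the admin page ---
function irp_example_save_settings_weak() {
    // No sanitisation: whatever a high-privilege user submits is stored verbatim ...
    update_option( 'irp_example_settings', $_POST['irp_example_settings'] );
}
function irp_example_render_weak() {
    $opt = get_option( 'irp_example_settings' );
    // ... and echoed unescaped, so stored markup executes in every admin's browser,
    // regardless of whether the unfiltered_html capability is granted.
    echo '<input name="irp_example_settings[box_title]" value="' . $opt['box_title'] . '">';
}

// --- Hardened: register the option with a sanitize_callback, escape on output ---
function irp_example_sanitize( $input ) {
    $clean = array();
    // Plain-text field: strip all tags and control characters on save.
    $clean['box_title'] = sanitize_text_field( $input['box_title'] ?? '' );
    // Field that legitimately holds limited HTML: allow only a small tag set,
    // independent of the saving user's capabilities.
    $clean['box_html'] = wp_kses( $input['box_html'] ?? '', array(
        'strong' => array(),
        'em'     => array(),
        'a'      => array( 'href' => array() ),
    ) );
    return $clean;
}
add_action( 'admin_init', function () {
    // The Settings API runs sanitize_callback on every save via options.php.
    register_setting( 'irp_example_group', 'irp_example_settings', array(
        'type'              => 'array',
        'sanitize_callback' => 'irp_example_sanitize',
    ) );
} );
function irp_example_render_hardened() {
    $opt = get_option( 'irp_example_settings', array() );
    // Escape for the context each value lands in: attribute vs. HTML body.
    echo '<input name="irp_example_settings[box_title]" value="'
        . esc_attr( $opt['box_title'] ?? '' ) . '">';
    echo '<div>' . wp_kses_post( $opt['box_html'] ?? '' ) . '</div>';
}
```

Sanitising on save and escaping on output are both needed: the callback bounds what can be stored, and `esc_attr`/`wp_kses_post` bound what reaches the browser even if an older unsanitised value is already in the database.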

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-2444

Affected Products: Inline Related Posts