The YARPP (Yet Another Related Posts Plugin) for WordPress is widely used to generate lists of related posts. With over 26,000 websites potentially exposed, the vulnerability poses a significant risk due to the plugin’s popularity.
| Product | yet-another-related-posts-plugin |
| Date | 2024-12-30 12:00:56 |
| Information |
|
Technical Summary
The YARPP plugin, up to and including version 5.30.10, suffers from a lack of capability checks in the yarpp_pro_set_display_types.php file. This vulnerability allows unauthenticated attackers to manipulate display types by sending specially crafted HTTP requests.
Exploit Example
An attacker can exploit this vulnerability using the following HTTP request:
GET /wp-content/plugins/yet-another-related-posts-plugin/includes/yarpp_pro_set_display_types.php?ypsdt=false&types[]=post&types[]=page HTTP/1.1
Host: vulnerable-website.com
- The
ypsdt=falseparameter allows bypassing an initial check. - The
types[]parameter allows attackers to set unauthorized display types.
Recommendations
- Update the plugin: Upgrade to the latest version of the YARPP plugin, as the vendor may have resolved the issue in subsequent versions.
- Restrict access: Use server-level access controls to restrict access to the
includes/yarpp_pro_set_display_types.phpfile. - Apply a WAF rule: Implement a Web Application Firewall (WAF) to block suspicious requests directed at this endpoint.
[Callforaction-THREAT-Footer]
