CVE-2024-43919: Missing Authorization in YARPP Plugin (<= 5.30.10)

ISGroup Cybersecurity

The YARPP (Yet Another Related Posts Plugin) for WordPress is widely used to generate lists of related posts. With over 26,000 websites potentially exposed, the vulnerability poses a significant risk due to the plugin’s popularity.

Productyet-another-related-posts-plugin
Date2024-12-30 12:00:56
Information
  • Trending
  • Fix Available

Technical Summary

The YARPP plugin, up to and including version 5.30.10, suffers from a lack of capability checks in the yarpp_pro_set_display_types.php file. This vulnerability allows unauthenticated attackers to manipulate display types by sending specially crafted HTTP requests.

Exploit Example

An attacker can exploit this vulnerability using the following HTTP request:

GET /wp-content/plugins/yet-another-related-posts-plugin/includes/yarpp_pro_set_display_types.php?ypsdt=false&types[]=post&types[]=page HTTP/1.1
Host: vulnerable-website.com
  • The ypsdt=false parameter allows bypassing an initial check.
  • The types[] parameter allows attackers to set unauthorized display types.

Recommendations

  1. Update the plugin: Upgrade to the latest version of the YARPP plugin, as the vendor may have resolved the issue in subsequent versions.
  2. Restrict access: Use server-level access controls to restrict access to the includes/yarpp_pro_set_display_types.php file.
  3. Apply a WAF rule: Implement a Web Application Firewall (WAF) to block suspicious requests directed at this endpoint.

[Callforaction-THREAT-Footer]