In Custom Related Posts plugin for WordPress versions 1.7.3 and prior a medium severity vulnerability CVE-2024-12825 was detected. This vulnerability allows attackers with Subscriber-level access and above to search posts and modify link/unlink relations due to missing capability checks on three AJAX actions. To address this issue, users should upgrade Custom Related Posts plugin to version 1.7.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12825.
WordPress: Unauthorized Access & Data Modification in Custom Related Posts plugin
by the Hossted team
03.02.2025