Vulnerabilities > Never5

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-28931 Unspecified vulnerability in Never5 Post Connector 1.0.4/1.0.9
Auth.
network
low complexity
never5
4.8
2022-10-14 CVE-2022-3506 Unspecified vulnerability in Never5 Related Posts
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3.
network
low complexity
never5
5.4
2021-07-19 CVE-2021-24482 Unspecified vulnerability in Never5 Related Posts
The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues.
network
low complexity
never5
4.8
2021-04-05 CVE-2021-24180 Cross-site Scripting vulnerability in Never5 Related Posts
Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.
network
low complexity
never5 CWE-79
5.4
2019-08-28 CVE-2015-9362 Cross-site Scripting vulnerability in Never5 Post Connector
The Post Connector plugin before 1.0.4 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
never5 CWE-79
6.1
2019-08-28 CVE-2015-9361 Cross-site Scripting vulnerability in Never5 Related Posts
The Related Posts plugin before 1.8.2 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
never5 CWE-79
6.1
2019-08-13 CVE-2015-9296 Cross-site Scripting vulnerability in Never5 Download Monitor
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
network
low complexity
never5 CWE-79
6.1