Patchstack does not provide any details of this exploit.
This is their recommended solution: This security issue has a low severity impact and is unlikely to be exploited.
If someone provides an actual example, we can look into it.
https://patchstack.com/database/wordpress/plugin/intelly-related-posts/vulnerability/wordpress-inline-related-posts-3-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve
In response to (@data443), I apologize, but regardless of the level of vulnerability, it’s still a security flaw in the plugin. In my humble opinion, more and more tools are reporting this issue, so the necessary steps should be taken to improve and fix their product. I’ve attached the information provided by Wordfence.
This is their recommended solution: This security issue has a low severity impact and is unlikely to be exploited.
Plugin name: Inline Related Posts
Current plugin version: 3.8.0
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "Inline Related Posts" until a patched version is available. https://www.wordfence.com/help/scan/scan-results/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#plugin-has-a-security-vulnerability
Repository URL: https://ww.wp.xz.cn/plugins/intelly-related-posts
Vulnerability information: https://www.wordfence.com/threat-intel/vulnerabilities/id/d1d113fd-efb4-4918-a5df-153e549836d6?source=plugin
Vulnerability severity: 6.4/10.0 (Medium)
@data443 Patchstack does not publicly post the details. You can visit https://patchstack.com/for-plugins and claim the plugin for free and then they will provide you with assistance.
Agreed with @anphira's suggestion! Please consider, thanks. @data443
Any news on these security issues?
We’re happy to report that we got the exploit information from Patchstack and have updated our plugin.
The fix has been released in version 3.9.0.