Title: Vulnerability patch? Last modified: November 11, 2024 --- # Vulnerability patch? * Resolved [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/) * Hello, * Is there a patch planned for fixing existing vulnerability? Viewing 9 replies - 1 through 9 (of 9 total) * Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/) * (@jeffparker) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/#post-17984328) * There is no known vulnerability at the moment. Can you please elaborate? * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/#post-17985209) * Solid Security plugin (former iThemes Security) keeps sending this alert since a couple of days and I thought you got the same – although it doesn’t seem very important: * [https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability?_a_id=431](https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability?_a_id=431) * [Chad Cloman](https://wordpress.org/support/users/chadcloman/) * (@chadcloman) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/#post-17986500) * I think normally they try to send you some sort of notification that they’ve found a vulnerability, but given what I saw on the Patchstack site, that notification would likely appear to be spam if you didn’t know what it was. * They want you to [sign up for their service](https://patchstack.com/for-plugins) as a plugin developer/owner and claim ownership of the plugin. Then they’ll provide the details of the vulnerability and, once you’ve fixed it, verify the vulnerability is gone and mark it as fixed. * They pay people to find vulnerabilities. They verify the vulnerabilities and then publish them. And the Solid Security plugin (which I also use) subscribes to their service. * Sounds like it’s an actual vulnerability though. * Good luck! * [kevinbrands](https://wordpress.org/support/users/kevinbrands/) * (@kevinbrands) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-17998352) * We have WP Defender, it’s reporting this: * — * CVSS Score 5.3 * WordPress Yet Another Related Posts Plugin (YARPP) plugin <= 5.30.10 – Broken Access Control vulnerability * -Vulnerability type: Broken Access Control -No Update Available * — * A fix would be greatly appreciated! - This reply was modified 1 year, 9 months ago by [kevinbrands](https://wordpress.org/support/users/kevinbrands/). - This reply was modified 1 year, 9 months ago by [kevinbrands](https://wordpress.org/support/users/kevinbrands/). - This reply was modified 1 year, 9 months ago by [kevinbrands](https://wordpress.org/support/users/kevinbrands/). * [ReallyDeeJ](https://wordpress.org/support/users/reallydeej/) * (@reallydeej) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18002632) * Still no patch? 🙁 * [gillico](https://wordpress.org/support/users/gillico/) * (@gillico) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18004547) * another request to patch the current vulnerability, I received a message from my host last week saying it needed to be deactivated because no patch was available. * [victormontes](https://wordpress.org/support/users/victormontes/) * (@victormontes) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18005587) * Same here * ![](https://i0.wp.com/i.ibb.co/Q61y5vt/yarpp.png?ssl=1) - This reply was modified 1 year, 9 months ago by [victormontes](https://wordpress.org/support/users/victormontes/). Reason: bad image * Moderator [Support Moderator](https://wordpress.org/support/users/moderator/) * (@moderator) * [1 year, 9 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18011345) * Moderator note: NO MORE “ME, TOO” TOPICS. * If you want to follow this topic, click “subscribe” on the right. * Plugin Author [YARPP](https://wordpress.org/support/users/jeffparker/) * (@jeffparker) * [1 year, 7 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18127637) * Hello everyone, * We have been tracking progress of this bug over at this thread – [https://wordpress.org/support/topic/update-713/](https://wordpress.org/support/topic/update-713/) * **UPDATE: **New version with patch is live! Please update to version **5.30.11** or newer. * [https://wordpress.org/plugins/yet-another-related-posts-plugin/#developers](https://wordpress.org/plugins/yet-another-related-posts-plugin/#developers) * We have notified Patchstack (reporter of bug). They should mark this as resolved soon, which then should make its way to Wordfence and others. * In case you were not following along the other thread, there was zero risk as the “bug” was in a section of code that hasn’t been referenced or called for many years (dead code). * Thank you so much for your patience through this. Please update ASAP. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Vulnerability patch?’ is closed to new replies. * ![](https://ps.w.org/yet-another-related-posts-plugin/assets/icon-256x256.png? rev=2549977) * [YARPP - Yet Another Related Posts Plugin](https://wordpress.org/plugins/yet-another-related-posts-plugin/) * [Frequently Asked Questions](https://wordpress.org/plugins/yet-another-related-posts-plugin/#faq) * [Support Threads](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/) * [Active Topics](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/unresolved/) * [Reviews](https://wordpress.org/support/plugin/yet-another-related-posts-plugin/reviews/) * 17 replies * 16 participants * Last reply from: [YARPP](https://wordpress.org/support/users/jeffparker/) * Last activity: [1 year, 7 months ago](https://wordpress.org/support/topic/vulnerability-patch-2/page/2/#post-18127637) * Status: resolved