CVE-2023-6257 : The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization

The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts

Published 2024-04-11 05:15:47

Updated 2024-08-30 08:15:04

Source WPScan

View at NVD, CVE.org

Products affected by CVE-2023-6257

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-6257

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

References for CVE-2023-6257

https://wpscan.com/vulnerability/19a86448-8d7c-4f02-9290-d9f93810e6e1/

Inline Related Posts < 3.6.0 – Subscriber+ Password Protected Post Read | CVE 2023-6257 | Plugin Vulnerabilities

Jump to

Vulnerability Details : CVE-2023-6257

Products affected by CVE-2023-6257

Exploit prediction scoring system (EPSS) score for CVE-2023-6257

References for CVE-2023-6257