CVE-2024-43919
published 2024-11-01

CVE-2024-43919: Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.

Priority: P178
Severity: critical, CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 43.59% (98.6th percentile)

Affected (2 ranges)

Vendor   Product                            Version range     Fixed in
yarpp    yarpp                              n/a – 5.30.10     (not listed)
yarpp    yet_another_related_posts_plugin   <= 5.30.10        (not listed)

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/yet-another-related-posts-plugin/includes/yarpp_pro_set_display_types.php
url: /wp-content/plugins/yet-another-related-posts-plugin/includes/yarpp_pro_set_display_types.php?ypsdt=false&types[]=post&types[]=page
  • Detect exploitation attempts by monitoring for unauthenticated GET requests to yarpp_pro_set_display_types.php that carry the query parameters ypsdt and types[].
  • A successful exploit response returns HTTP 200 with Content-Type text/plain and a body of exactly 2 bytes containing 'ok'.
  • Fingerprint vulnerable WordPress installations by searching for the YARPP plugin path in the page body.
  • The vulnerability is a missing capability check in ~/includes/yarpp_pro_set_display_types.php, which allows unauthenticated access.
  • The vulnerability affects YARPP plugin versions up to and including 5.30.10; later versions are not confirmed vulnerable.