CVE-2024-0592 MEDIUM

CVE-2024-0592: Related Posts for WordPress <= 2.2.1 - Cross-Site Request Forgery

Vendor Barrykooij
Product Related Posts for WordPress
Weakness CWE-352 · CSRF
Published March 13, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.

Key dates

02Disclosure timeline

March 13, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22784 WordPress Background Control plugin <= 1.0.5 - CSRF to Arbitrary File Deletion vulnerability CVE-2022-47446 WordPress Store Locator Plugin <= 3.98.7 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-3638 Moodle: csrf risk in brickfield tool's analysis request action CVE-2024-1909 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory CVE-2025-32673 WordPress Epeken All Kurir plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability