VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Apr 17, 2026

Contextual Related Posts Vulnerabilities

Review known vulnerability records for the WordPress plugin Contextual Related Posts (`contextual-related-posts`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-2986, CVE-2026-32565 and CVE-2025-47506, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 17, 2026
Priority CVE Quick Links

Fast paths into Contextual Related Posts CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2014-3937 Critical 1.8.10.2
CVE-2014-3937 Contextual Related Posts SQL Injection

Contextual Related Posts < 1.8.10.2 - SQL Injection

CVE-2013-2710 High 1.8.7
CVE-2013-2710 Contextual Related Posts Cross-Site Scripting

Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting

CVE-2026-2986 Medium 4.2.2
CVE-2026-2986 Contextual Related Posts Stored Cross-Site Scripting

Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes'

CVE-2025-47506 Medium 4.0.3
CVE-2025-47506 Contextual Related Posts Stored Cross-Site Scripting

Contextual Related Posts <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2023-0252 Medium 3.3.1
CVE-2023-0252 Contextual Related Posts Stored Cross-Site Scripting

Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

CVE-2026-32565 Medium 4.2.2
CVE-2026-32565 Contextual Related Posts Vulnerability

Contextual Related Posts < 4.2.2 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Contextual Related Posts so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
1 critical and 1 high severity finding.
Recent CVEs
CVE-2026-2986, CVE-2026-32565 and CVE-2025-47506
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Contextual Related Posts

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-2986
CVE-2026-2986: Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes'

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacke...

Published
Apr 17, 2026
Patched Release
4.2.2
Affected Versions
Versions up to 4.2.1
Next Step
Update to 4.2.2 or newer if supported.
Open CVE-2026-2986 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-32565
CVE-2026-32565: Contextual Related Posts < 4.2.2 - Missing Authorization

The Contextual Related Posts plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to 4.2.2 (exclusive). This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Mar 18, 2026
Patched Release
4.2.2
Affected Versions
Versions before 4.2.2
Next Step
Update to 4.2.2 or newer if supported.
Open CVE-2026-32565 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-47506
CVE-2025-47506: Contextual Related Posts <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

Published
May 07, 2025
Patched Release
4.0.3
Affected Versions
Versions up to 4.0.2
Next Step
Update to 4.0.3 or newer if supported.
Open CVE-2025-47506 Report Open CVE Reference
Plugin Medium Patched: Yes
Contextual Related Posts <= 3.3.1 - Cross-Site Request Forgery in crpClearCache

The Contextual Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the crpClearCache function triggered via the crp_clear_cache AJAX action. This makes it p...

Published
Feb 20, 2023
Patched Release
3.3.2
Affected Versions
Versions up to 3.3.1
Next Step
Update to 3.3.2 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes
Contextual Related Posts <= 3.3.1 - Missing Authorization in crp_ajax_clearcache

The Contextual Related Posts plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the crp_ajax_clearcache function in versions up to, and including, 3.3.1. This makes it possible for authenticated attackers, with subscriber-...

Published
Feb 20, 2023
Patched Release
3.3.2
Affected Versions
Versions up to 3.3.1
Next Step
Update to 3.3.2 or newer if supported.
Open Full Report
Plugin Medium Patched: Yes CVE-2023-0252
CVE-2023-0252: Contextual Related Posts <= 3.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attribute

The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attributes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

Published
Jan 05, 2023
Patched Release
3.3.1
Affected Versions
Versions up to 3.3.0
Next Step
Update to 3.3.1 or newer if supported.
Open CVE-2023-0252 Report Open CVE Reference
Plugin Medium Patched: Yes
Contextual Related Posts <= 2.9.3 - Cross-Site Request Forgery

The Contextual Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.3. This is due to missing or incorrect nonce validation on the crp_process_settings_export() or crp_process_settings_import() functions. This makes...

Published
Nov 19, 2020
Patched Release
2.9.4
Affected Versions
Versions up to 2.9.3
Next Step
Update to 2.9.4 or newer if supported.
Open Full Report
Plugin High Patched: Yes CVE-2013-2710
CVE-2013-2710: Contextual Related Posts <= 1.8.6 - Cross-Site Request Forgery to Cross-Site Scripting

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.

Published
Aug 01, 2014
Patched Release
1.8.7
Affected Versions
Versions up to 1.8.6
Next Step
Update to 1.8.7 or newer if supported.
Open CVE-2013-2710 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2014-3937
CVE-2014-3937: Contextual Related Posts < 1.8.10.2 - SQL Injection

SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Published
Mar 06, 2014
Patched Release
1.8.10.2
Affected Versions
Versions before 1.8.10.2
Next Step
Update to 1.8.10.2 or newer if supported.
Open CVE-2014-3937 Report Open CVE Reference