VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed May 07, 2025

Inline Related Posts Vulnerabilities

Review known vulnerability records for the WordPress plugin Inline Related Posts (`intelly-related-posts`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-47604, CVE-2024-6487 and CVE-2024-5626, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
0
Patch Coverage
100%
Last Updated
Feb 26, 2026
Priority CVE Quick Links

Fast paths into Inline Related Posts CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2025-47604 Medium 3.9.0
CVE-2025-47604 Inline Related Posts Stored Cross-Site Scripting

Inline Related Posts <= 3.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2024-5626 Medium 3.7.0
CVE-2024-5626 Inline Related Posts Cross-Site Scripting

Inline Related Posts <= 3.6.0 - Reflected Cross-Site Scripting

CVE-2024-6487 Medium 3.8.0
CVE-2024-6487 Inline Related Posts Stored Cross-Site Scripting

Inline Related Posts <= 3.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2024-2444 Medium 3.5.0
CVE-2024-2444 Inline Related Posts Stored Cross-Site Scripting

Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE-2024-31426 Medium 3.4.0
CVE-2024-31426 Inline Related Posts Cross-Site Request Forgery

Inline Related Posts <= 3.3.1 - Cross-Site Request Forgery

CVE-2023-6257 Medium 3.6.0
CVE-2023-6257 Inline Related Posts Sensitive Information Exposure

Inline Related Posts <= 3.5.0 - Information Exposure

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Inline Related Posts so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
7 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-47604, CVE-2024-6487 and CVE-2024-5626
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Inline Related Posts

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-47604
CVE-2025-47604: Inline Related Posts <= 3.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Inline Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and abo...

Published
May 07, 2025
Patched Release
3.9.0
Affected Versions
Versions up to 3.8.0
Next Step
Update to 3.9.0 or newer if supported.
Open CVE-2025-47604 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6487
CVE-2024-6487: Inline Related Posts <= 3.7.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Inline Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administr...

Published
Jul 08, 2024
Patched Release
3.8.0
Affected Versions
Versions up to 3.7.0
Next Step
Update to 3.8.0 or newer if supported.
Open CVE-2024-6487 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5626
CVE-2024-5626: Inline Related Posts <= 3.6.0 - Reflected Cross-Site Scripting

The Inline Related Posts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

Published
Jun 21, 2024
Patched Release
3.7.0
Affected Versions
Versions up to 3.6.0
Next Step
Update to 3.7.0 or newer if supported.
Open CVE-2024-5626 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-31426
CVE-2024-31426: Inline Related Posts <= 3.3.1 - Cross-Site Request Forgery

The Inline Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the manager_trackingOn() and manager_trackingOff() functions. This makes it possible for unau...

Published
Apr 10, 2024
Patched Release
3.4.0
Affected Versions
Versions up to 3.3.1
Next Step
Update to 3.4.0 or newer if supported.
Open CVE-2024-31426 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6257
CVE-2023-6257: Inline Related Posts <= 3.5.0 - Information Exposure

The Inline Related Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.0 via the irp_get_list_posts() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve...

Published
Mar 21, 2024
Patched Release
3.6.0
Affected Versions
Versions up to 3.5.0
Next Step
Update to 3.6.0 or newer if supported.
Open CVE-2023-6257 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2444
CVE-2024-2444: Inline Related Posts <= 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Inline Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administr...

Published
Mar 16, 2024
Patched Release
3.5.0
Affected Versions
Versions up to 3.4.0
Next Step
Update to 3.5.0 or newer if supported.
Open CVE-2024-2444 Report Open CVE Reference
Plugin Medium Patched: Yes
Inline Related Posts <= 3.0.4 - Authenticated (Admin+) Cross-Site Scripting

The Inline Related Posts plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative capabilities, to inject...

Published
Oct 09, 2021
Patched Release
3.0.5
Affected Versions
Versions up to 3.0.4
Next Step
Update to 3.0.5 or newer if supported.
Open Full Report