Yet Another Related Posts Plugin (YARPP)

Adds related posts to your site and in RSS feeds, based on a powerful, customizable algorithm.


Use with caution

Confidence: Medium. This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings.


Findings

  • There is a lot of unescaped data being put into SQL – in one case the only thing preventing SQLi is magic_quotes_gpc emulation (see the taxonomy parameter being used in YARPP_Admin::ajax_display_exclude_terms)
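To illustrate the class of defect behind this finding, here is an added example (not YARPP's own code) of a hypothetical WordPress admin-ajax handler that interpolates a `taxonomy` request parameter straight into SQL, followed by a hardened version that validates the value and passes it through `$wpdb->prepare()`. The function names, the nonce action and the capability are assumptions.

```php
<?php
// Added example, not code from YARPP: a hypothetical admin-ajax handler.

// Vulnerable pattern: the request value is dropped into the query string.
// The only thing standing between a quote in $_POST['taxonomy'] and the
// SQL parser is WordPress's magic-quotes emulation (the slashes it adds to
// $_POST), which is a request-layer artefact, not a database escaping layer.
function example_exclude_terms_unsafe() {
    global $wpdb;
    $taxonomy = $_POST['taxonomy'];
    $sql = "SELECT t.term_id, t.name FROM {$wpdb->terms} t
            JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = t.term_id
            WHERE tt.taxonomy = '{$taxonomy}'";
    wp_send_json( $wpdb->get_results( $sql ) );
}

// Hardened version: nonce and capability checks, strict validation of the
// taxonomy name against what is actually registered, and a prepared statement.
function example_exclude_terms_safe() {
    global $wpdb;
    check_ajax_referer( 'example_exclude_terms', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // wp_unslash() removes the emulated magic quotes; sanitize_key() reduces the
    // value to [a-z0-9_-], which is all a taxonomy name may contain.
    $taxonomy = isset( $_POST['taxonomy'] )
        ? sanitize_key( wp_unslash( $_POST['taxonomy'] ) )
        : '';
    if ( '' === $taxonomy || ! taxonomy_exists( $taxonomy ) ) {
        wp_send_json_error( 'invalid taxonomy', 400 );
    }
    // %s makes $wpdb quote and escape the value for the query itself.
    $sql = $wpdb->prepare(
        "SELECT t.term_id, t.name FROM {$wpdb->terms} t
         JOIN {$wpdb->term_taxonomy} tt ON tt.term_id = t.term_id
         WHERE tt.taxonomy = %s",
        $taxonomy
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}
add_action( 'wp_ajax_example_exclude_terms', 'example_exclude_terms_safe' );
```

The same review check applies to any query a plugin builds with string interpolation: every value that originates in a request should reach `$wpdb->query()` or `$wpdb->get_results()` only via `$wpdb->prepare()`.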

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • May allow SQL injection

Read more about our failure criteria.

Fail: Execution of unprepared SQL statements

We conduct these inspections for our own use, and publish them in the hope that they may be useful to others. We don't guarantee that these findings are correct.

Please read this site's terms of service before taking any action based on information published here.

Testers: Tom Adams
Last revised: September 26, 2017
Versions tested: 4.4
Plugin homepage: Yet Another Related Posts Plugin (YARPP)
Other versions: None listed