CVE-2022-45374

HIGH

YARPP < 5.30.4 - PHP Local File Inclusion via Path Traversal

Title source: llm

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4.

References (1)

Core 1

Core References

Third Party Advisory vdb-entry

https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-2-local-file-inclusion?_s_id=cve

Scores

CVSS v3 7.7

EPSS 0.0084

EPSS Percentile 53.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

YARPP/YARPP < 5.30.4

yarpp/yet_another_related_posts_plugin < 5.30.5

Published May 17, 2024

Tracked Since Feb 18, 2026