Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-43919. PoCs published by RandomRobbieBF. A Nuclei detection template is also available.
AI-analyzed exploit summary: The repository provides a functional HTTP request that exploits a missing authorization check in the YARPP WordPress plugin, allowing unauthenticated attackers to set display types via a crafted GET request.
Description
Access Control vulnerability in YARPP YARPP allows . This issue affects YARPP: from n/a through 5.30.10.
Exploits (1)
nomisec
WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-43919
The repository provides a functional HTTP request that exploits a missing authorization check in the YARPP WordPress plugin, allowing unauthenticated attackers to set display types via a crafted GET request.
Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target:
YARPP – Yet Another Related Posts Plugin <= 5.30.10
No auth needed
Prerequisites:
Vulnerable YARPP plugin installed on WordPress site
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Nuclei Templates (1)
YARPP <= 5.30.10 - Missing Authorization
CRITICAL · VERIFIED · by s4e-io
FOFA:
body="wp-content/plugins/yet-another-related-posts-plugin/"
Scores
CVSS v3: 5.3
EPSS: 0.4359
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-862
Status: published
Products (2)
YARPP/YARPP: < 5.30.10
yarpp/yet_another_related_posts_plugin: < 5.30.10
Published: Nov 01, 2024
Tracked Since: Feb 18, 2026