Plugin inspection:

Yet Another Related Posts Plugin (YARPP)

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Findings

  • There is a lot of unescaped data being put into SQL – in one case the only thing preventing SQLi is magic_quotes_gpc emulation (see the taxonomy parameter being used in YARPP_Admin::ajax_display_exclude_terms)

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • May allow SQL injection

Failure criteria

  • Execution of unprepared SQL statements

Read more about our failure criteria.