VIR Vulnerability Intelligence Relay

CVE-2013-2710

medium
Published 2014-06-02 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: PSIRT-CNA@flexerasoftware.com — http://wordpress.org/plugins/contextual-related-posts/changelog/

Application impact
VendorProductVersionsFixed
ajaydsouzacontextual_related_posts{"endIncluding":"1.8.6"}
ajaydsouzacontextual_related_posts1.0
ajaydsouzacontextual_related_posts1.1
ajaydsouzacontextual_related_posts1.1.1
ajaydsouzacontextual_related_posts1.2
ajaydsouzacontextual_related_posts1.2.1
ajaydsouzacontextual_related_posts1.2.2
ajaydsouzacontextual_related_posts1.3
ajaydsouzacontextual_related_posts1.3.1
ajaydsouzacontextual_related_posts1.4
ajaydsouzacontextual_related_posts1.4.1
ajaydsouzacontextual_related_posts1.4.2
ajaydsouzacontextual_related_posts1.5
ajaydsouzacontextual_related_posts1.5.1
ajaydsouzacontextual_related_posts1.5.2
ajaydsouzacontextual_related_posts1.6
ajaydsouzacontextual_related_posts1.6.1
ajaydsouzacontextual_related_posts1.6.2
ajaydsouzacontextual_related_posts1.6.3
ajaydsouzacontextual_related_posts1.6.4
ajaydsouzacontextual_related_posts1.6.5
ajaydsouzacontextual_related_posts1.7
ajaydsouzacontextual_related_posts1.7.1
ajaydsouzacontextual_related_posts1.7.2
ajaydsouzacontextual_related_posts1.7.3
ajaydsouzacontextual_related_posts1.8
ajaydsouzacontextual_related_posts1.8.1
ajaydsouzacontextual_related_posts1.8.2
ajaydsouzacontextual_related_posts1.8.3
ajaydsouzacontextual_related_posts1.8.4
ajaydsouzacontextual_related_posts1.8.5

References

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.