Related Posts Lite WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Related Posts Lite plugin for WordPress, affecting all versions up to and including 1.12. The issue arises from insufficient input sanitization and output escaping of plugin settings, allowing authenticated attackers with administrator-level permissions to inject arbitrary scripts that execute whenever a user views an affected post. The vulnerability is exploitable on multi-site installations where unfiltered HTML is disabled.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the post.

Reproduction

To reproduce this vulnerability, first install WordPress and the Related Posts Lite plugin version 1.12. In the WordPress admin panel, navigate to 'Related Posts Lite → Layout Options' and enter a malicious payload, such as an SVG image with an 'onload' event, into the 'Plugin title' field. Save the settings, then create a new post. The related posts section renders the stored title unescaped, so the injected script executes when the post is viewed.
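The root cause named above is a free-text setting that is neither sanitized when saved nor escaped when rendered. The following PHP is an added illustration written for this page; it is not the Related Posts Lite plugin's own code. It places the vulnerable pattern beside the hardened one using standard WordPress APIs (register_setting, sanitize_text_field, esc_html). The option name 'rpl_demo_title' and settings group 'rpl_demo' are hypothetical placeholders.

```php
<?php
/**
 * Illustrative example only; not the Related Posts Lite plugin's code.
 * Demonstrates the settings-field stored XSS pattern and its fix.
 * 'rpl_demo_title' and 'rpl_demo' are hypothetical names.
 */

// VULNERABLE: the setting is stored exactly as submitted and echoed raw,
// so markup saved by an administrator who lacks unfiltered_html (the
// multi-site case) is written into every post page that shows the widget.
function rpl_demo_title_vulnerable() {
    $title = get_option( 'rpl_demo_title', 'Related Posts' );
    echo '<h3 class="rpl-title">' . $title . '</h3>';
}

// HARDENED, step 1: sanitize on save. register_setting() runs the
// sanitize_callback before the value reaches the options table, so tags
// and event handlers are stripped regardless of who submitted the form.
function rpl_demo_register_settings() {
    register_setting(
        'rpl_demo',        // settings group (hypothetical)
        'rpl_demo_title',  // option name (hypothetical)
        array(
            'type'              => 'string',
            'sanitize_callback' => 'sanitize_text_field',
            'default'           => 'Related Posts',
        )
    );
}
add_action( 'admin_init', 'rpl_demo_register_settings' );

// HARDENED, step 2: escape on output. Even if a bad value reached the
// database by another route, esc_html() neutralizes it at render time.
function rpl_demo_title_hardened() {
    $title = get_option( 'rpl_demo_title', 'Related Posts' );
    echo '<h3 class="rpl-title">' . esc_html( $title ) . '</h3>';
}
```

Both layers matter: the sanitize_callback protects the stored value, and esc_html() protects the page if the stored value is ever tampered with through another path. If a field genuinely needs limited HTML, wp_kses_post() is the appropriate sanitizer rather than storing and echoing the raw string.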

Added: Oct 18, 2025, 10:17 AM
Updated: Oct 18, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.1
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.