YARPP – Yet Another Related Posts Plugin Security & Risk Analysis

wordpress.org/plugins/yet-another-related-posts-plugin

The best WordPress plugin for displaying related posts. Simple and flexible, with a powerful proven algorithm and inbuilt caching.

100K active installs · v5.30.11 · PHP 5.3+ · WP 3.7+ · Updated Nov 11, 2024
Tags: contextual-related-posts, posts, related-posts, seo, similar-posts

Security score: 83/100 (B · Generally Safe)
CVEs total: 8
Unpatched: 0
Last CVE: Aug 26, 2024
Safety Verdict

Is YARPP – Yet Another Related Posts Plugin Safe to Use in 2026?

Mostly Safe

Score 83/100

YARPP – Yet Another Related Posts Plugin is generally safe to use, though its last release (v5.30.11, Nov 11, 2024) is now over a year old. All 8 past CVEs were resolved in later versions and none is unpatched. Keep it updated.

8 known CVEs · Last CVE: Aug 26, 2024 · Updated 1yr ago
Risk Assessment

The 'yet-another-related-posts-plugin' v5.30.11 exhibits a mixed security posture. It shows some good practices: 55% of its 60 SQL queries go through prepared statements, and the code contains 14 nonce checks and 8 capability checks. Several areas raise concerns. One of the ten AJAX handlers is registered without an authorization check, and static analysis found three taint flows in which user input reaches a dangerous sink without passing a sanitizer, two of them rated high severity; flows of that kind are what allow a logged-in user to trigger unauthorized actions or manipulate data. The plugin's history of 8 CVEs, including one rated critical and repeated Cross-Site Scripting and SQL Injection findings (two of them reachable by Subscriber-level users through the shortcode), indicates a pattern of past oversights, although no CVE is currently unpatched.

On the positive side, no third-party libraries are bundled, which removes one supply-chain vector. Against that, the code signals include a call to `unserialize` on what its argument name (`$remote['body']`) indicates is the body of an external HTTP response, a PHP Object Injection risk if that endpoint or the connection to it is ever compromised, and output escaping below 50% (48 of 101 outputs). The most recent CVE (Aug 2024) was fixed in 5.30.11 within 79 days, so the plugin is still maintained, but the historical weaknesses may recur. Users should run the latest version and, given the past pattern, limit what untrusted registered users can do: the shortcode and the AJAX entry points are the surfaces those users reach.

Key Concerns

  • AJAX handler without auth check (1 of 10)
  • High severity taint flows with unsanitized paths (2; a third flow of lower severity is also unsanitized)
  • Usage of unserialize on a remote response body (classes\YARPP_Core.php:2112)
  • Output escaping below 50% (48 of 101 outputs escaped)
  • Past critical CVE (1, the 2015 CSRF)
  • Past high severity CVEs (2: SQLi via shortcode and LFI, both Subscriber+)
  • Common vuln types: XSS, SQLi, file inclusion (CWE-98), CSRF, missing authorization
Vulnerabilities (8)

YARPP – Yet Another Related Posts Plugin Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2023: 4 CVEs
  • 2024: 3 CVEs

All patched; none unpatched.

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 5

8 total CVEs

Each entry: identifier · severity · CVSS base score · weakness class; the advisory title; disclosure date · first fixed version (day count as computed by this page).

CVE-2024-43919 · medium · 5.3 · Missing Authorization
YARPP <= 5.30.10 - Missing Authorization
Aug 26, 2024 · Patched in 5.30.11 (79d)

CVE-2023-6495 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated (Administrator+) Cross-Site Scripting
Jun 18, 2024 · Patched in 5.30.10 (42d)

CVE-2024-0602 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Yet Another Related Posts Plugin (YARPP) <= 5.30.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Feb 20, 2024 · Patched in 5.30.10 (161d)

CVE-2023-2433 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
YARPP – Yet Another Related Posts Plugin <= 5.30.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jul 17, 2023 · Patched in 5.30.4 (190d)

CVE-2023-0579 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
YARPP - Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Subscriber+) SQL Injection via Shortcode
Apr 25, 2023 · Patched in 5.30.3 (273d)

CVE-2022-45374 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
YARPP <= 5.30.4 - Authenticated (Subscriber+) Local File Inclusion
Apr 18, 2023 · Patched in 5.30.5 (280d)

CVE-2022-4471 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
YARPP – Yet Another Related Posts Plugin <= 5.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Jan 19, 2023 · Patched in 5.30.3 (369d)

WF-78759abf-4584-4beb-9ae7-39a5c3fe4b75-yet-another-related-posts-plugin (no CVE assigned) · critical · 9.8 · Cross-Site Request Forgery (CSRF)
YARPP – Yet Another Related Posts Plugin < 4.2.5 - Cross-Site Request Forgery
May 8, 2015 · Patched in 4.2.5 (3182d)

Two checks on the numbers above. First, a CVSS 9.8 implies no user interaction, which a CSRF by definition requires, so treat that rating as the aggregator's rather than a verified score. Second, the day counts for the five entries fixed in 4.2.5, 5.30.3, 5.30.4 and 5.30.5 all land on the same date, Jan 23, 2024, when added to their disclosure dates (369 days from Jan 19, 2023, 280 from Apr 18, 2023, 273 from Apr 25, 2023, 190 from Jul 17, 2023, 3182 from May 8, 2015), so they measure time to that date, not time to the stated fix; only the three 2024 entries (Jul 30, 2024 for 5.30.10, mid-Nov 2024 for 5.30.11) look like real patch times.
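The two shortcode advisories above (CVE-2022-4471, stored XSS via shortcode, and CVE-2023-0579, SQL injection via shortcode) are instances of one pattern: shortcode attributes are text controlled by whoever can place the shortcode in a post. The following is an added example, not the plugin's code and not the code behind those CVEs: a hypothetical `[related_demo]` shortcode written once in the form that produces both bug classes and once hardened with `shortcode_atts()`, `$wpdb->prepare()` and output escaping. The shortcode name, attribute names, query and attacker values are constructed.

```php
<?php
// Added example, not the plugin's code. The [related_demo] shortcode, its attributes,
// the query and the attacker payloads in the comments are all constructed.

// Vulnerable: attributes come from the post body, so anyone who can publish or
// preview a post containing the shortcode (Contributor+) controls them. Interpolating
// them into SQL is SQL injection; echoing them unescaped is stored XSS against every
// visitor and every editor who opens the page.
function related_demo_vulnerable($atts) {
    global $wpdb;
    $type  = isset($atts['type'])  ? $atts['type']  : 'post';
    $limit = isset($atts['limit']) ? $atts['limit'] : 5;
    $title = isset($atts['title']) ? $atts['title'] : 'Related';

    // Constructed attacker values that break this query and this markup:
    //   [related_demo type="x' UNION SELECT user_login, user_pass FROM wp_users -- "]
    //   [related_demo title="<img src=x onerror=alert(document.cookie)>"]
    $rows = $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_type = '$type' AND post_status = 'publish' LIMIT $limit"
    );
    $html = "<h3>$title</h3><ul>";
    foreach ($rows as $row) {
        $html .= "<li><a href=\"" . get_permalink($row->ID) . "\">{$row->post_title}</a></li>";
    }
    return $html . '</ul>';
}

// Hardened: declare the attributes, reduce each to the domain the code expects,
// bind values with $wpdb->prepare(), and escape at the point of output.
function related_demo_hardened($atts) {
    global $wpdb;
    $atts = shortcode_atts(
        array('type' => 'post', 'limit' => 5, 'title' => 'Related'),
        $atts,
        'related_demo'
    );
    // Only a registered post type is acceptable; anything else falls back to 'post'.
    $type  = post_type_exists($atts['type']) ? $atts['type'] : 'post';
    // absint() turns "5 UNION ..." into 5 and a negative into 0; cap it as well.
    $limit = min(absint($atts['limit']), 50);

    // %s and %d are bound by prepare(): the string can no longer close the quote,
    // and the limit is emitted as an integer whatever the attribute contained.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_type = %s AND post_status = 'publish' LIMIT %d",
            $type,
            $limit
        )
    );
    $html = '<h3>' . esc_html($atts['title']) . '</h3><ul>';
    foreach ($rows as $row) {
        $html .= '<li><a href="' . esc_url(get_permalink($row->ID)) . '">'
               . esc_html($row->post_title) . '</a></li>';
    }
    return $html . '</ul>';
}

add_shortcode('related_demo', 'related_demo_hardened');
```

The hardened version validates before it binds: `prepare()` alone would stop the injection, but without `post_type_exists()` the attacker could still probe arbitrary post types (including private ones) through a legitimate query. Note also that `post_title` is escaped on output even though it comes from the database; titles are authored by users, and a Contributor's title is exactly the kind of stored payload CVE-2023-2433 describes.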
Code Analysis (analyzed Mar 16, 2026)

YARPP – Yet Another Related Posts Plugin Code Analysis

  • Dangerous functions: 1
  • Raw SQL queries: 27 (33 prepared)
  • Unescaped outputs: 53 (48 escaped)
  • Nonce checks: 14
  • Capability checks: 8
  • File operations: 4
  • External requests: 2
  • Bundled libraries: 0

Dangerous Functions Found

unserialize · classes\YARPP_Core.php:2112

  if ( $result = @unserialize( $remote['body'] ) ) {

The argument, `$remote['body']`, follows the naming WordPress uses for `wp_remote_*` response arrays, i.e. the body of an HTTP response from a server outside the site's trust boundary. `unserialize()` on such data is a PHP Object Injection risk whenever an exploitable class (a gadget) is loadable, and the `@` hides the notices that would otherwise surface a malformed or tampered response. The plugin's PHP 5.3 minimum also rules out the `allowed_classes` option that PHP 7.0 added to `unserialize()`.
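What the flagged call exposes, as an added example that is not YARPP's code: the `LogWriter` class, the two serialized response bodies and the `parse_*` functions below are constructed for illustration. It contrasts the flagged pattern (`@unserialize()` on a response body) with the `allowed_classes` mitigation and with the JSON alternative that carries no class information at all.

```php
<?php
// Added example, not from the plugin. LogWriter, the payloads and the parse_*
// functions are constructed for illustration.

// PHP Object Injection needs only one loadable class with a magic method.
// unserialize() instantiates it with attacker-chosen properties and PHP then
// runs __wakeup() / __destruct() for it without any further code being called.
class LogWriter {
    public $path = '/tmp/app.log';
    public $data = '';
    public function __destruct() {
        // A real gadget would file_put_contents($this->path, $this->data).
        // Kept side-effect free here.
        echo "LogWriter::__destruct() ran with path={$this->path}\n";
    }
}

// Flagged pattern: trust the body of an HTTP response and suppress errors.
function parse_vulnerable($body) {
    if ($result = @unserialize($body)) {
        return $result;
    }
    return false;
}

// Mitigation (PHP >= 7.0): refuse to instantiate any class. Objects in the payload
// become __PHP_Incomplete_Class and no magic method runs. On PHP 5.x the second
// argument does not exist, which is why a PHP 5.3+ plugin cannot rely on it.
function parse_hardened($body) {
    $result = @unserialize($body, array('allowed_classes' => false));
    if ($result === false || $result instanceof __PHP_Incomplete_Class) {
        return false;
    }
    return $result;
}

// Preferred: exchange JSON with the remote endpoint. json_decode() produces
// arrays and scalars only, so there is nothing to instantiate.
function parse_json($body) {
    $result = json_decode($body, true);
    return (json_last_error() === JSON_ERROR_NONE && is_array($result)) ? $result : false;
}

// Constructed response bodies: what a benign server returns, and what a
// compromised server (or an on-path attacker on a plain-HTTP fetch) could return.
$benign  = 'a:1:{s:7:"version";s:7:"5.30.11";}';
$hostile = 'O:9:"LogWriter":2:{s:4:"path";s:23:"/var/www/html/shell.php";s:4:"data";s:4:"evil";}';

var_dump(parse_hardened($benign));            // array(1) { ["version"]=> string(7) "5.30.11" }
var_dump(parse_hardened($hostile));           // bool(false): object refused, __destruct never runs
var_dump(parse_json('{"version":"5.30.11"}')); // array(1) { ["version"]=> string(7) "5.30.11" }

// The vulnerable parser instantiates LogWriter; its __destruct() fires as soon as
// the returned object is released, i.e. immediately after this statement.
parse_vulnerable($hostile);
```

The `@` in the original line is worth removing on its own: with it, a tampered or truncated body fails silently and the caller's `if` simply takes the false branch, so the only evidence of an attempted injection is whatever the gadget's side effects leave behind.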

SQL Query Safety

55% prepared (33 of 60 queries)

Output Escaping

48% escaped (48 of 101 outputs)
Data Flows (3 unsanitized)

Data Flow Analysis

3 flows, 3 with unsanitized paths. Only one flow is identified by name on this page:

  • ajax_display_preview (classes\YARPP_Admin.php:835)

By its name this is the callback for wp_ajax_yarpp_display_preview (registered at classes\YARPP_Admin.php:66). The two remaining flows are not named, so they cannot be mapped to an entry point from this report alone.
Attack Surface (1 unprotected)

YARPP – Yet Another Related Posts Plugin Attack Surface

Entry points: 11 (10 AJAX handlers, 1 shortcode)
Unprotected: 1

This count does not include the REST routes registered on rest_api_init (classes\YARPP_Rest_Api.php:9) and listed under Detection Fingerprints (/wp-json/yarpp/v1/related, /wp-json/yarpp/v1/search); review their permission_callback separately.

AJAX Handlers (10)

"auth" in this list evidently means the callback is registered on a wp_ajax_ hook only, with no wp_ajax_nopriv_ twin, so WordPress dispatches it only to logged-in users. That says nothing about the capability or nonce checks inside the callback, which is why one of these ten is still counted as unprotected.

  • auth · wp_ajax_yarpp_display_exclude_terms · classes\YARPP_Admin.php:64
  • auth · wp_ajax_yarpp_display_demo · classes\YARPP_Admin.php:65
  • auth · wp_ajax_yarpp_display_preview · classes\YARPP_Admin.php:66
  • auth · wp_ajax_yarpp_display · classes\YARPP_Admin.php:67
  • auth · wp_ajax_yarpp_optin_data · classes\YARPP_Admin.php:68
  • auth · wp_ajax_yarpp_optin_enable · classes\YARPP_Admin.php:69
  • auth · wp_ajax_yarpp_optin_disable · classes\YARPP_Admin.php:70
  • auth · wp_ajax_yarpp_switch · classes\YARPP_Admin.php:71
  • auth · wp_ajax_yarpp_clear_cache · classes\YARPP_Admin.php:72
  • auth · wp_ajax_yarpp_pro_set_display_types · classes\YARPP_Admin.php:73
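What separates a "logged-in only" handler from a protected one, as an added example that is not the plugin's code: a hypothetical preview handler registered the way the list above shows (wp_ajax_ prefix, no nopriv twin), first with no checks at all (the Missing Authorization pattern of CVE-2024-43919 and the CSRF pattern of the 2015 advisory) and then with nonce, capability and input validation in place. The class, action names, option name and parameter are constructed.

```php
<?php
// Added example, not the plugin's code. Demo_Admin, the two action names, the
// demo_preview_template option and the 'template' parameter are constructed.

class Demo_Admin {
    public function __construct() {
        // wp_ajax_* fires only for logged-in users. That is all the "auth" label in
        // the attack-surface list certifies, and a Subscriber is "logged in".
        add_action('wp_ajax_demo_preview_unprotected', array($this, 'preview_unprotected'));
        add_action('wp_ajax_demo_preview',             array($this, 'preview'));
    }

    // Missing authorization: any authenticated user can call this and change a
    // site-wide option. It is also CSRF: a page on another origin can make an
    // admin's browser submit this request, since the cookie rides along.
    public function preview_unprotected() {
        $template = $_POST['template'];
        update_option('demo_preview_template', $template);
        wp_send_json_success(array('template' => $template));
    }

    public function preview() {
        // 1. CSRF: the request must carry a nonce bound to this action. The admin
        //    page hands it to the script via wp_localize_script() or wp_nonce_field().
        //    On failure check_ajax_referer() terminates the request with -1.
        check_ajax_referer('demo_preview', 'nonce');

        // 2. Authorization: a session is not a permission. Pick the capability that
        //    matches the effect; changing plugin settings is manage_options.
        if (!current_user_can('manage_options')) {
            wp_send_json_error(array('message' => 'forbidden'), 403);
        }

        // 3. Input: unslash, normalise, then reduce to the values the code expects.
        $template = isset($_POST['template']) ? sanitize_key(wp_unslash($_POST['template'])) : '';
        $allowed  = array('list', 'thumbnails');
        if (!in_array($template, $allowed, true)) {
            wp_send_json_error(array('message' => 'invalid template'), 400);
        }

        update_option('demo_preview_template', $template);

        // 4. Output: wp_send_json_* JSON-encodes the payload. Anything this handler
        //    returned as HTML instead would need esc_html()/wp_kses() first.
        wp_send_json_success(array('template' => $template));
    }
}

new Demo_Admin();
```

A quick check for a deployed handler: log in as a Subscriber and POST `action=<name>` to `/wp-admin/admin-ajax.php`. A protected handler answers `-1` (no valid nonce) or a 403 JSON error; a handler that performs its action and returns `success: true` is the unprotected case this page counts.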

Shortcodes (1)

  • [yarpp] · classes\YARPP_Shortcode.php:11
WordPress Hooks (59)

  • action · admin_init · classes\YARPP_Admin.php:34
  • action · admin_init · classes\YARPP_Admin.php:35
  • action · admin_menu · classes\YARPP_Admin.php:36
  • action · save_post · classes\YARPP_Admin.php:37
  • filter · current_screen · classes\YARPP_Admin.php:39
  • filter · default_hidden_meta_boxes · classes\YARPP_Admin.php:40
  • filter · shareaholic_deactivate_feedback_form_plugins · classes\YARPP_Admin.php:41
  • action · admin_notices · classes\YARPP_Admin.php:180
  • action · admin_notices · classes\YARPP_Admin.php:258
  • action · admin_notices · classes\YARPP_Admin.php:261
  • filter · plugin_action_links · classes\YARPP_Admin.php:277
  • action · admin_enqueue_scripts · classes\YARPP_Admin.php:297
  • action · init · classes\YARPP_Block.php:20
  • filter · block_categories_all · classes\YARPP_Block.php:25
  • filter · block_categories · classes\YARPP_Block.php:27
  • action · enqueue_block_editor_assets · classes\YARPP_Block.php:29
  • filter · posts_where · classes\YARPP_Cache_Bypass.php:136
  • filter · posts_orderby · classes\YARPP_Cache_Bypass.php:137
  • filter · posts_fields · classes\YARPP_Cache_Bypass.php:138
  • filter · post_limits · classes\YARPP_Cache_Bypass.php:139
  • action · pre_get_posts · classes\YARPP_Cache_Bypass.php:141
  • action · parse_query · classes\YARPP_Cache_Bypass.php:142
  • action · pre_get_posts · classes\YARPP_Cache_Demo_Bypass.php:207
  • filter · posts_request · classes\YARPP_Cache_Demo_Bypass.php:208
  • filter · has_post_thumbnail · classes\YARPP_Cache_Demo_Bypass.php:209
  • filter · post_thumbnail_id · classes\YARPP_Cache_Demo_Bypass.php:210
  • filter · image_downsize · classes\YARPP_Cache_Demo_Bypass.php:211
  • filter · post_thumbnail_size · classes\YARPP_Cache_Demo_Bypass.php:212
  • filter · wp_get_attachment_image_src · classes\YARPP_Cache_Demo_Bypass.php:213
  • filter · post_thumbnail_html · classes\YARPP_Cache_Demo_Bypass.php:214
  • filter · wp_get_attachment_metadata · classes\YARPP_Cache_Demo_Bypass.php:215
  • filter · posts_where · classes\YARPP_Cache_Postmeta.php:128
  • filter · posts_orderby · classes\YARPP_Cache_Postmeta.php:129
  • filter · posts_fields · classes\YARPP_Cache_Postmeta.php:130
  • filter · post_limits · classes\YARPP_Cache_Postmeta.php:131
  • action · pre_get_posts · classes\YARPP_Cache_Postmeta.php:132
  • action · parse_query · classes\YARPP_Cache_Postmeta.php:134
  • filter · posts_join · classes\YARPP_Cache_Tables.php:154
  • filter · posts_where · classes\YARPP_Cache_Tables.php:155
  • filter · posts_orderby · classes\YARPP_Cache_Tables.php:156
  • filter · posts_fields · classes\YARPP_Cache_Tables.php:157
  • filter · post_limits · classes\YARPP_Cache_Tables.php:158
  • action · pre_get_posts · classes\YARPP_Cache_Tables.php:159
  • action · parse_query · classes\YARPP_Cache_Tables.php:161
  • action · delete_post · classes\YARPP_Core.php:86
  • action · transition_post_status · classes\YARPP_Core.php:92
  • filter · the_content · classes\YARPP_Core.php:110
  • action · bbp_template_after_single_topic · classes\YARPP_Core.php:111
  • filter · the_content_feed · classes\YARPP_Core.php:112
  • filter · the_excerpt_rss · classes\YARPP_Core.php:113
  • action · wp_enqueue_scripts · classes\YARPP_Core.php:114
  • filter · is_protected_meta · classes\YARPP_Core.php:115
  • action · begin_fetch_post_thumbnail_html · classes\YARPP_Core.php:1662
  • action · rest_api_init · classes\YARPP_Rest_Api.php:9
  • filter · wp_rest_cache/allowed_endpoints · classes\YARPP_Rest_Api.php:10
  • filter · widget_types_to_hide_from_legacy_widget_block · classes\YARPP_Widget.php:10
  • action · widgets_init · classes\YARPP_Widget.php:147
  • filter · postbox_classes_settings_page_yarpp_yarpp_display_optin · includes\yarpp_meta_boxes_hooks.php:93
  • action · init · yarpp.php:92
Maintenance & Trust

YARPP – Yet Another Related Posts Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Nov 11, 2024
  • PHP min version: 5.3
  • Downloads: 7.9M

Community Trust

  • Rating: 96/100
  • Number of ratings: 1,148
  • Active installs: 100K
Developer Profile

YARPP – Yet Another Related Posts Plugin Developer Profile

YARPP

1 plugin · 100K total installs

  • Trust score: 67
  • Avg security score: 83/100
  • Avg patch time: 572 days

The 572-day average is the mean of the eight per-CVE day counts in the vulnerability list (79, 42, 161, 190, 273, 280, 369 and 3182). Five of those counts end on the same date, Jan 23, 2024, rather than on the release of the stated fix, and the 3182-day figure alone lifts the mean from about 199 days to 572; the median of the eight is about 232 days.
Detection Fingerprints

How We Detect YARPP – Yet Another Related Posts Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/yet-another-related-posts-plugin/styles/yarpp.css
  • /wp-content/plugins/yet-another-related-posts-plugin/styles/yarpp-settings.css
  • /wp-content/plugins/yet-another-related-posts-plugin/styles/yarpp-admin.css
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-admin.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-related.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-settings.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-preview.js

Script Paths
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-admin.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-related.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-settings.js
  • /wp-content/plugins/yet-another-related-posts-plugin/js/yarpp-preview.js

Version Parameters
  • yet-another-related-posts-plugin/styles/yarpp.css?ver=
  • yet-another-related-posts-plugin/styles/yarpp-settings.css?ver=
  • yet-another-related-posts-plugin/styles/yarpp-admin.css?ver=
  • yet-another-related-posts-plugin/js/yarpp-admin.js?ver=
  • yet-another-related-posts-plugin/js/yarpp-related.js?ver=
  • yet-another-related-posts-plugin/js/yarpp-settings.js?ver=
  • yet-another-related-posts-plugin/js/yarpp-preview.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • yarpp-related
  • yarpp-widget
  • yarpp-settings

HTML Comments
  • <!-- YARPP -->
  • <!-- YARPP END -->
  • <!-- YARPP Meta Box -->
  • <!-- YARPP Meta Box End -->

Data Attributes
  • data-yarpp-id
  • data-yarpp-post-id
  • data-yarpp-widget-id

JS Globals
  • yarpp_related_settings
  • yarpp_preview_settings
  • yarpp_admin_settings

REST Endpoints
  • /wp-json/yarpp/v1/related
  • /wp-json/yarpp/v1/search

Shortcode Output
  • [related_posts]
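Applying the fingerprints above to a page, as an added example that is not the page's own scanner: `detect_yarpp()` matches the asset path with its `?ver=` parameter (which also yields the installed version), the wrapping HTML comment, the CSS classes, the data attributes and the REST route, and reports which signals fired. The function name and the sample HTML are constructed.

```php
<?php
// Added example, not the scanner behind this page. detect_yarpp() and the sample
// document are constructed for illustration.

function detect_yarpp($html) {
    $result = array('present' => false, 'version' => null, 'signals' => array());

    // Asset path with the cache-busting version parameter. Strongest signal, and
    // the only one that also tells us which release is installed.
    if (preg_match('#/wp-content/plugins/yet-another-related-posts-plugin/(?:styles|js)/[\w-]+\.(?:css|js)\?ver=([0-9][\w.\-]*)#', $html, $m)) {
        $result['signals'][] = 'asset';
        $result['version']   = $m[1];
    }
    // HTML comment the plugin wraps around its related-posts block.
    if (strpos($html, '<!-- YARPP -->') !== false) {
        $result['signals'][] = 'comment';
    }
    // CSS classes and data attributes on the rendered list.
    if (preg_match('/class="[^"]*\byarpp-(?:related|widget)\b/', $html)) {
        $result['signals'][] = 'css-class';
    }
    if (preg_match('/\bdata-yarpp-(?:id|post-id|widget-id)=/', $html)) {
        $result['signals'][] = 'data-attr';
    }
    // REST route advertised in the page or in the /wp-json/ index.
    if (preg_match('#/wp-json/yarpp/v1/(?:related|search)#', $html)) {
        $result['signals'][] = 'rest';
    }

    $result['present'] = count($result['signals']) > 0;
    return $result;
}

// Constructed sample: the fragments a YARPP-enabled page typically carries.
$sample = <<<HTML
<link rel="stylesheet" href="https://example.test/wp-content/plugins/yet-another-related-posts-plugin/styles/yarpp.css?ver=5.30.11" />
<!-- YARPP -->
<div class="yarpp yarpp-related" data-yarpp-post-id="42">
<ul><li><a href="https://example.test/other/">Other post</a></li></ul>
</div>
<!-- YARPP END -->
HTML;

$r = detect_yarpp($sample);
printf("present=%s version=%s signals=%s\n",
    $r['present'] ? 'yes' : 'no', $r['version'], implode(',', $r['signals']));
// present=yes version=5.30.11 signals=asset,comment,css-class,data-attr
```

Treat the version as advisory: it is whatever the site passes as `?ver=` when enqueuing the asset, and minifying or caching plugins can strip or rewrite it. An absent version means "unknown", not "not installed", and a version at or below 5.30.10 is the condition under which the CVEs listed on this page still apply.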
FAQ

Frequently Asked Questions about YARPP – Yet Another Related Posts Plugin