CVE-2025-31570

Cross-Site Request Forgery CSRF vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbnails: from n/a through = 1.2...

CVE-2025-31570 WordPress Related Posts Widget with Thumbnails plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in wp-buy Related Posts Widget with Thumbnails advanced-css3-related-posts-widget allows Stored XSS.This issue affects Related Posts Widget with Thumbnails: from n/a through = 1.2...

CVE-2025-31570

CVE-2025-31570 involves a CSRF to Stored XSS in the WordPress plugin “Related Posts Widget with Thumbnails” (listed as Advanced CSS3 Related Posts Widget). Public description states the issue affects the plugin from version n/a up to 1.2, implying all releases ≤1.2 are affected. The CVSS metrics ...

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through = 1.0...

WordPress Category Posts Widget plugin < 4.9.18 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.18...

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638

CVE-2024-9638 affects Category Posts Widget for WordPress (Category Posts Widget) up to version 4.9.17. The issue is improper sanitization/escaping of widget settings, enabling stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (e.g., multisite). The root cau...

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-9638 Category Posts Widget < 4.9.18 - Admin+ Stored XSS

The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Category Posts Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in the...

PT-2025-3730 · WordPress · Category Posts Widget

Name of the Vulnerable Software and Affected Versions: Category Posts Widget WordPress plugin versions prior to 4.9.18 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...

CVE-2024-49628

Cross-Site Request Forgery CSRF vulnerability in whiletrue Most And Least Read Posts Widget most-and-least-read-posts-widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through = 2.5.18...

CVE-2024-49628 WordPress Most And Least Read Posts Widget plugin <= 2.5.18 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WhileTrue Most And Least Read Posts Widget allows Cross Site Request Forgery.This issue affects Most And Least Read Posts Widget: from n/a through 2.5.18...

CVE-2024-49628

CVE-2024-49628 is a CSRF vulnerability in the WordPress plugin Most And Least Read Posts Widget (WhileTrue) affecting versions 2.5.18 and earlier. Unauthenticated attackers could exploit CSRF to perform unintended actions. The issue is fixed in version 2.5.19; update the plugin to 2.5.19 or later...

CVE-2024-48029

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Hung Trang Si SB Random Posts Widget sb-random-posts-widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through = 1.0...

CVE-2024-48029

CVE-2024-48029 affects the WordPress SB Random Posts Widget. The vulnerability is an improper control of the filename for include/require statements in PHP (PHP Remote File Inclusion) that enables Local File Inclusion via the SB Random Posts Widget

WordPress SB Random Posts Widget Plugin <= 1.0 is vulnerable to Local File Inclusion

Software SB Random Posts Widget Type Plugin Vulnerable versions = 1.0 Fixed in 1.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-48029 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 4e7fd324ea44 Credits João Pedro S Alcântara Kinorth Required...

WordPress Category Posts Widget < 4.9.17- Admin+ Stored XSS vulnerability

WordPress Category Posts Widget 4.9.17- Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Category Posts Widget versions 4.9.17...

WordPress Category Posts Widget Plugin < 4.9.17 is vulnerable to Cross Site Scripting (XSS)

Software Category Posts Widget Type Plugin Vulnerable versions 4.9.17 Fixed in 4.9.17 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-6158 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 321a7aaf8265 Credits Dmitrii Ignatyev Required privile...