CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Patchstack•added 2026/04/09 11:52 p.m.•2 views

WordPress List category posts plugin <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via 'catlist' Shortcode vulnerability discovered by WordFence in WordPress Plugin List category posts versions = 0.94.0...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References1Affected Software1

EUVD•added 2026/04/09 3:35 p.m.•0 views

EUVD-2026-20892

The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.94.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS6.1AI score0.00037EPSS

Exploits0References4

NVD•added 2026/04/09 1:16 p.m.•1 views

CVE-2026-3005

6.4CVSS0.00037EPSS

Exploits0References3

Vulnrichment•added 2026/04/09 12:28 p.m.•0 views

CVE-2026-3005 List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode

6.4CVSS6.1AI score0.00037EPSS

Exploits0References3

CVE•added 2026/04/09 12:28 p.m.•3 views

CVE-2026-3005

The affected software is the WordPress plugin List category posts . The vulnerability is a Stored Cross-Site Scripting (XSS) in the plugin’s 'catlist' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. It affects all versions up through 0.94.0 . Expl...

6.4CVSS6.1AI score0.00037EPSS

Exploits0References3

ATTACKERKB•added 2026/04/09 12:28 p.m.•0 views

CVE-2026-3005

6.4CVSS6.1AI score0.00037EPSS

Exploits0References4

Cvelist•added 2026/04/09 12:28 p.m.•16 views

CVE-2026-3005 List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode

6.4CVSS0.00037EPSS

Exploits0References3

Positive Technologies•added 2026/04/09 12:0 a.m.•0 views

PT-2026-31609

6.4CVSS6.1AI score0.00037EPSS

Exploits0References4

RedhatCVE•added 2025/12/12 4:13 a.m.•1 views

CVE-2025-10163

The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS6.6AI score0.00028EPSS

Exploits0References1

NVD•added 2025/12/11 4:15 a.m.•3 views

CVE-2025-10163

6.5CVSS0.00028EPSS

Exploits0References2

CVE•added 2025/12/11 3:27 a.m.•21 views

CVE-2025-10163

Summary: WordPress plugin List category posts (versions

6.5CVSS6.2AI score0.00028EPSS

Exploits0References2

EUVD•added 2025/12/11 3:27 a.m.•5 views

EUVD-2025-202663

6.5CVSS6.1AI score0.00028EPSS

Exploits0References3

Vulnrichment•added 2025/12/11 3:27 a.m.•6 views

CVE-2025-10163 List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode

6.5CVSS6.2AI score0.00028EPSS

Exploits0References2

RedhatCVE•added 2025/11/02 4:46 a.m.•4 views

CVE-2025-11377

The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...

4.3CVSS6AI score0.00039EPSS

Exploits0References1

EUVD•added 2025/11/01 6:30 a.m.•2 views

EUVD-2025-37418

4.3CVSS5.5AI score0.00039EPSS

Exploits0References3

NVD•added 2025/11/01 5:16 a.m.•2 views

CVE-2025-11377

4.3CVSS0.00039EPSS

Exploits0References2

CVE•added 2025/11/01 4:27 a.m.•11 views

CVE-2025-11377

The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.

4.3CVSS5.6AI score0.00039EPSS

Exploits0References2

Vulnrichment•added 2025/11/01 4:27 a.m.•1 views

CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure

4.3CVSS5.6AI score0.00039EPSS

Exploits0References2

CNNVD•added 2025/11/01 12:0 a.m.•1 views

WordPress plugin List category posts 信息泄露漏洞

WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...

4.3CVSS6.1AI score0.00039EPSS

Exploits0References3

CNNVD•added 2024/03/30 12:0 a.m.•1 views

WordPress Plugin List category posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.4CVSS7.4AI score0.00118EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by