WordPress plugin List category posts SQL注入漏洞

WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...

CVE-2025-49351

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-13339

creationtimestamp| type| source ---|---|--- 2025-12-10 07:10:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7miwp5sjw2y 2025-12-10 07:45:41+00:00| seen| https://gist.github.com/Darkcrai86/54a35bd8d99ef7098f2e2b7b8465278c 2025-12-10 08:07:48+00:00| seen|...

CVE-2025-9056

creationtimestamp| type| source ---|---|--- 2025-12-10 04:34:40+00:00| seen| https://infosec.exchange/users/offseq/statuses/115693406042917432 2025-12-10 04:34:42+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3m7ma7ytwwo2m 2025-12-10 04:55:26+00:00| seen|...

EUVD-2025-202041

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-49351

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-49351

CVE-2025-49351 is a CSRF vulnerability in the WordPress plugin Create Posts & Terms (plugin slug: create-posts-terms), affecting versions up to and including 1.3.1. The connected documents specify that the flaw allows Cross-Site Request Forgery which can lead to Stored XSS. Root cause and exact v...

CVE-2025-49351 WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-49351

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-49351 WordPress Create Posts & Terms plugin <= 1.3.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

WordPress plugin Create Posts Terms 跨站请求伪造漏洞

...

PT-2025-49986

Cross-Site Request Forgery CSRF vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through = 1.3.1...

CVE-2025-12635

creationtimestamp| type| source ---|---|--- 2025-12-08 15:55:05+00:00| seen| https://bsky.app/profile/knaepp.bsky.social/post/3m7ifcshmal2d 2025-12-08 16:05:04+00:00| seen| https://bsky.app/profile/knaepp.bsky.social/post/3m7ifunn7pm2j 2025-12-08 20:25:05+00:00| seen|...

CVE-2023-53761

creationtimestamp| type| source ---|---|--- 2025-12-08 02:38:58+00:00| seen| https://bsky.app/profile/potato.software/post/3m7gytauf6o2r 2025-12-08 03:18:30+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7h2zx2dgj2q...

CVE-2025-40282

creationtimestamp| type| source ---|---|--- 2025-12-06 22:43:58+00:00| seen| https://bsky.app/profile/potato.software/post/3m7e3a4mnbu2t 2025-12-06 23:34:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7e5zxqvzb2n 2026-03-19 00:00:00+00:00| seen|...

CVE-2025-13684

The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the arkrpoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via a...

CVE-2025-12574

CVE-2025-12574 concerns Listar – Directory Listing & Classifieds WordPress Plugin (

CVE-2025-12574 Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

PT-2025-49331

The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for...

CVE-2025-14108

creationtimestamp| type| source ---|---|--- 2025-12-05 22:25:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115669305914538839 2025-12-05 23:00:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m7blovwhli2u 2025-12-06 00:10:04+00:00| seen|...