6191 matches found
CVE-2025-11377
The CVE-2025-11377 case is supported by multiple connected sources: WordPress List category posts plugin 0.92.0) or follow vendor advisories for fixes. Monitor for updates from CVE databases and the plugin maintainers to confirm remediation efficacy.
CVE-2025-11377 List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level...
CVE-2025-11174 Document Library Lite <= 1.1.6 - Missing Authorization to Sensitive Information Exposure
The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versions up to, and including, 1.1.6. This is due to the plugin exposing an unauthenticated AJAX action dll_load_posts which returns a JSON table of document data without performing nonce or capability...
CVE-2025-11174
CVE-2025-11174 affects WordPress Document Library Lite plugin. All versions up to 1.1.6 permit improper authorization via an unauthenticated AJAX action (dll_load_posts) exposed through wp-admin/admin-ajax.php, returning a JSON table of document data without nonce or capability checks. The attack...
PT-2025-44703
Name of the Vulnerable Software and Affected Versions: WordPress List category posts plugin versions prior to 0.92.0. Description: The List category posts plugin for WordPress has an information exposure issue due to insufficient restrictions on posts included by the 'catlist' shortcode. This allows...
WordPress plugin List category posts Information Disclosure Vulnerability
WordPress List category posts plugin is a tool in WordPress for outputting specified category posts in a customized order. WordPress List category posts plugin suffers from an information disclosure vulnerability that stems from an insufficient catlist shortcode restriction, which can be exploite...
CVE-2025-6520
creationtimestamp | type | source
---|---|---
2025-10-31 09:01:31+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m4i4ibnhwg2l
2025-10-31 09:26:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4i5vtt2zh2k
2025-10-31 12:56:27+00:00 | seen | ...
WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...
CVE-2025-4665
creationtimestamp | type | source
---|---|---
2025-10-29 01:31:47+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3m4ccgbrqfi23
2025-10-29 01:41:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4ccxhx6zg24
2025-10-29 07:58:12+00:00 | seen | ...
CVE-2025-9152
creationtimestamp | type | source
---|---|---
2025-10-28 07:28:27+00:00 | seen | https://bsky.app/profile/r-netsec-bot.bsky.social/post/3m4afurktde2g
2025-10-28 07:39:32+00:00 | seen | https://bsky.app/profile/r-netsec.bsky.social/post/3m4agixqihf2d
2025-11-05 22:12:41+00:00 | seen | ...
CVE-2025-62905
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Tadlock Query Posts query-posts allows Stored XSS. This issue affects Query Posts: from n/a through = 0.3.2...
CVE-2025-62958
Cross-Site Request Forgery CSRF vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery. This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through = 2.2.61...
CVE-2025-62954
Missing Authorization vulnerability in rsocial Revive Old Posts tweet-old-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive Old Posts: from n/a through = 9.3.3...
CVE-2025-62983
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS. This issue affects Posts By Tag: from n/a through = 3.2.1...
CVE-2025-62894
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS. This issue affects ACF Recent Posts Widget: from n/a through = 5.9.3...
CVE-2025-62900
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WeblineIndia Popular Posts by Webline popular-posts-by-webline allows Stored XSS. This issue affects Popular Posts by Webline: from n/a through = 1.1.1...
CVE-2025-12322
creationtimestamp | type | source
---|---|---
2025-10-27 21:13:22+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115448191522686837
2025-10-27 22:15:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m47gxsjtxl2g...
CVE-2025-61795
creationtimestamp | type | source
---|---|---
2025-10-27 18:13:45+00:00 | seen | https://seclists.org/oss-sec/2025/q4/77
2025-10-27 19:02:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4747uh2g32p
2025-10-27 19:33:15+00:00 | seen | ...
CVE-2025-55754
creationtimestamp | type | source
---|---|---
2025-10-27 17:59:31+00:00 | seen | https://seclists.org/oss-sec/2025/q4/76
2025-10-27 19:08:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m474k4x55b2g
2025-10-27 19:43:18+00:00 | seen | ...