5 matches found
WordPress List category posts SQL Injection Vulnerability
WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...
CVE-2025-10163
The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
EUVD-2025-202663
The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-10163 List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode
The List category posts plugin for WordPress is vulnerable to time-based SQL Injection via the ‘startingwith’ parameter of the catlist shortcode in all versions up to, and including, 0.91.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress plugin List category posts SQL注入漏洞
WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...