PT-2025-42240 · WordPress · Dynamically Display Posts

Dayea Song

Publicado

2025-10-15

Atualizado

2025-10-15

CVE-2025-11501

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Dynamically Display Posts plugin for WordPress versions up to and including 1.1

Description The Dynamically Display Posts plugin for WordPress is susceptible to SQL Injection through the tax query parameter. This occurs because of inadequate escaping of user-provided input and a lack of proper preparation of the existing SQL query. This allows unauthenticated attackers to inject additional SQL queries, potentially extracting sensitive information from the database.

Recommendations Update the Dynamically Display Posts plugin to a version newer than 1.1.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2025-11501

Produtos afetados

Dynamically Display Posts

PT-2025-42240 · WordPress · Dynamically Display Posts

CVE-2025-11501

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5