PT-2025-54280 · WordPress · Recent Posts From Each Category
Skalucy · Published 2025-12-31 · Updated 2026-01-05 · CVE-2025-49354
CVSS v3.1: 7.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Mindstien Technologies Recent Posts From Each Category versions 1.4 and earlier
Description
The Recent Posts From Each Category plugin contains a Cross-Site Request Forgery (CSRF) issue and a Stored Cross-Site Scripting (XSS) issue. The CSRF flaw could allow an attacker to perform actions on behalf of an authenticated user. The Stored XSS flaw could allow an attacker to inject malicious scripts into the application, which could be executed by other users.
Recommendations
Versions prior to 1.4 should be updated.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Recent Posts From Each Category