PT-2025-54280 · WordPress · Recent Posts From Each Category
Skalucy · Published 2025-12-31 · Updated 2026-01-05 · CVE-2025-49354
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Mindstien Technologies Recent Posts From Each Category versions 1.4 and earlier
Description
The Recent Posts From Each Category plugin contains a Cross-Site Request Forgery (CSRF) issue and a Stored Cross-Site Scripting (XSS) issue. The CSRF flaw could allow an attacker to perform actions on behalf of an authenticated user. The Stored XSS flaw could allow an attacker to inject malicious scripts into the application, which could be executed by other users.
Recommendations
Versions prior to 1.4 should be updated.
Fix
CSRF
Affected Products
Recent Posts From Each Category