CVE-2026-32419
- EPSS 0.03%
- Veröffentlicht 13.03.2026 11:42:15
- Zuletzt bearbeitet 16.03.2026 14:53:46
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fernando Briano List category posts list-category-posts allows DOM-Based XSS.This issue affects List category posts: from n/a through <= 0.93.1.
CVE-2025-47636
- EPSS 0.16%
- Veröffentlicht 07.05.2025 14:20:40
- Zuletzt bearbeitet 15.04.2026 00:35:42
Path Traversal: '.../...//' vulnerability in Fernando Briano List category posts list-category-posts allows PHP Local File Inclusion.This issue affects List category posts: from n/a through <= 0.91.0.
CVE-2024-9020
- EPSS 0.26%
- Veröffentlicht 18.01.2025 06:15:27
- Zuletzt bearbeitet 13.05.2025 21:23:17
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above ...
CVE-2023-6994
- EPSS 0.16%
- Veröffentlicht 11.01.2024 09:15:54
- Zuletzt bearbeitet 08.04.2026 18:18:46
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied at...