CVE-2025-28894

Published Mar 11, 2025

Last updated 24 days ago

CVSS high 7.1

Overview

Description
Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress allows Stored XSS. This issue affects List of Posts from each Category plugin for WordPress: from n/a through 2.0.
Source
audit@patchstack.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
3.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Severity
HIGH

Weaknesses

audit@patchstack.com
CWE-352

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-28894 🔴 HIGH (7.1) 🏢 frucomerci - List of Posts from each Category plugin for WordPress 🏗️ Unknown Version 🔗 https://t.co/1hdnu3AUXJ #CyberCron #VulnAlert #InfoSec https://t.co/SGBR1UWBVx

    @cybercronai

    13 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References