| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3017 | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection | shapedplugin | Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts | High | 7.2 | 2026-04-14 05:30:33 | Deep Dive |
| CVE-2026-3005 | List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode | fernandobt | List category posts | Medium | 6.4 | 2026-04-09 12:28:06 | Deep Dive |
| CVE-2026-32419 | WordPress List category posts plugin <= 0.93.1 - Cross Site Scripting (XSS) vulnerability | Fernando Briano | List category posts | 中危 | - | 2026-03-13 11:42:16 | Deep Dive |
| CVE-2025-10163 | List Category Posts <= 0.91.0 - Authenticated (Contributor+) SQL Injection via Plugin's Shortcode | fernandobt | List category posts | Medium | 6.5 | 2025-12-11 03:27:11 | Deep Dive |
| CVE-2025-11377 | List category posts <= 0.92.0 - Authenticated (Contributor+) Information Exposure | fernandobt | List category posts | Medium | 4.3 | 2025-11-01 04:27:40 | Deep Dive |
| CVE-2025-47636 | WordPress List category posts plugin <= 0.91.0 - Local File Inclusion Vulnerability | Fernando Briano | List category posts | High | 7.5 | 2025-05-07 14:20:40 | Deep Dive |
| CVE-2025-28894 | WordPress List of Posts from each Category plugin for WordPress plugin <= 2.0 - CSRF to Stored XSS vulnerability | frucomerci | List of Posts from each Category plugin for WordPress | High | 7.1 | 2025-03-11 21:00:49 | Deep Dive |
| CVE-2024-9020 | List category posts < 0.90.3 - Author+ Stored XSS | Unknown | List category posts | 中危 | - | 2025-01-18 06:00:05 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-1051 | List category posts <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | fernandobt | List category posts | Medium | 6.4 | 2024-03-30 04:31:10 | Deep Dive |
| CVE-2024-23502 | WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS) | InfornWeb | Posts List Designer by Category – List Category Posts Or Recent Posts | Medium | 6.5 | 2024-01-31 15:26:34 | Deep Dive |
| CVE-2023-6994 | List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | fernandobt | List category posts | Medium | 6.4 | 2024-01-11 08:32:36 | Deep Dive |
| CVE-2022-4749 | Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode | Unknown | Posts List Designer by Category | 中危 | - | 2023-01-30 20:31:50 | Deep Dive |
| CVE-2023-0097 | Post Grid, Post Carousel, & List Category Posts < 2.4.19 - Contributor+ Stored XSS | Unknown | Post Grid, Post Carousel, & List Category Posts | 中危 | - | 2023-01-30 20:31:48 | Deep Dive |