Stored Cross-Site Scripting in Related Posts Lite Plugin for WordPress
CVE-2025-11926
4.4MEDIUM
What is CVE-2025-11926?
The Related Posts Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability, due to inadequate input sanitization and output escaping in admin settings. This issue affects all versions up to 1.12, enabling authenticated attackers with administrator-level permissions to inject malicious web scripts. These scripts could execute when users access compromised pages, posing a significant risk to multi-site installations and setups with unfiltered_html disabled.
Affected Version(s)
Related Posts Lite * <= 1.12