Stored Cross-Site Scripting in Related Posts Lite Plugin for WordPress
CVE-2025-11926
4.4MEDIUM
What is CVE-2025-11926?
The Related Posts Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability, due to inadequate input sanitization and output escaping in admin settings. This issue affects all versions up to 1.12, enabling authenticated attackers with administrator-level permissions to inject malicious web scripts. These scripts could execute when users access compromised pages, posing a significant risk to multi-site installations and setups with unfiltered_html disabled.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Related Posts Lite * <= 1.12
References
CVSS V3.1
Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Prabhat Verma