Cross-Site Request Forgery Vulnerability in Related Posts Line-up-Exactly by Milliard
CVE-2025-26545

7.1HIGH

Key Information:

Vendor: Shisuh
Status: Related Posts Line-up-exactly By Milliard
Vendor: CVE Published:; 13 February 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Related Posts Line-up-Exactly plugin by Milliard, which can lead to Stored Cross-Site Scripting (XSS) attacks. This vulnerability affects versions from n/a up to 0.0.22. Exploitation of this flaw could allow an attacker to trick a user into executing unwanted actions on the web application, potentially compromising user data and session integrity. It is crucial for users of this plugin to implement security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Related Posts Line-up-Exactly by Milliard <= 0.0.22

References

https://patchstack.com/database/wordpress/plugin/related-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Abdi Pranata (Patchstack Alliance)