Cross-Site Request Forgery Vulnerability in Related Posts Line-up-Exactly by Milliard
CVE-2025-26545

7.1HIGH

Key Information:

Vendor: WordPress
Status: Related Posts Line-up-exactly By Milliard
Vendor: CVE Published:; 13 February 2025

What is CVE-2025-26545?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Related Posts Line-up-Exactly plugin by Milliard, which can lead to Stored Cross-Site Scripting (XSS) attacks. This vulnerability affects versions from n/a up to 0.0.22. Exploitation of this flaw could allow an attacker to trick a user into executing unwanted actions on the web application, potentially compromising user data and session integrity. It is crucial for users of this plugin to implement security measures to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Related Posts Line-up-Exactly by Milliard <= 0.0.22

References

https://patchstack.com/database/wordpress/plugin/related-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 13, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Abdi Pranata (Patchstack Alliance)

JSON

WordPress