CSRF Vulnerability in Advanced Post List by jokerbr313
CVE-2025-30968

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Advanced Post List
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-30968?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Advanced Post List plugin by jokerbr313, impacting versions from n/a up to 0.5.6.2. This flaw allows malicious actors to execute unauthorized actions on behalf of an authenticated user. If exploited, the vulnerability could lead to significant security breaches, as it allows attackers to trick users into performing actions they did not intend. It is crucial for users and administrators of the affected plugin to implement necessary security measures to mitigate potential risks.

Affected Version(s)

Advanced Post List <= 0.5.6.2

References

https://patchstack.com/database/wordpress/plugin/advanced...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)

WordPress

What is CVE-2025-30968?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit