CVE-2026-12434 in List category posts Plugininformación

Resumen

por MITRE • 2026-07-16

The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize_status. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts, dates, authors, and custom-field metadata of other users' pending-review, scheduled, and trashed posts by embedding a crafted [catlist] shortcode in their own draft and previewing it. This vulnerability is a bypass of the incomplete fix introduced for CVE-2025-11377 in version 0.93.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsable

Wordfence

Reservar

2026-06-16

Divulgación

2026-07-16

Moderación

aceptado

Artículo

VDB-379454

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!