WordPress Plugin Vulnerabilities

List all posts by Authors, nested Categories and Title < 2.8.3 - CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
list-all-posts-by-authors-nested-categories-and-titles
Fixed in 2.8.3

References

CVE
CVE-2023-49182
URL
https://patchstack.com/database/vulnerability/list-all-posts-by-authors-nested-categories-and-titles/wordpress-list-all-posts-by-authors-nested-categories-and-title-plugin-2-7-10-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
11a99af2-131d-4414-b9ef-4323baa753ae

Timeline

Publicly Published
2023-11-29 (about 2 years ago)
Added
2023-12-08 (about 2 years ago)
Last Updated
2024-03-12 (about 2 years ago)

Other

Published
Title
Published
2025-04-16
Title
Royal Elementor Addons < 1.3.979 - Contributor+ Stored XSS
Published
2024-06-18
Title
WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce < 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-19
Title
Jobs for WordPress < 2.7.15 - Contributor+ Stored XSS
Published
2025-04-10
Title
Product Excel Import Export & Bulk Edit for WooCommerce <= 4.7 - Reflected Cross-Site Scripting
Published
2024-05-22
Title
WP Ultimate Post Grid < 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-text Shortcode