CyberRota Yorumu
Detaylı analiz gerekiyor.
CVE
CVE-2026-12434
Severity
MEDIUM
CVSS
4.3
EPSS
Yok
WordPress
Orijinal NVD Açıklaması
The List category posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.95.0 via the sanitize_status. This makes it possible for authenticated attackers, with contributor-level access and above, to extract titles, full content, excerpts, dates, authors, and custom-field metadata of other users' pending-review, scheduled, and trashed posts by embedding a crafted [catlist] shortcode in their own draft and previewing it. This vulnerability is a bypass of the incomplete fix introduced for CVE-2025-11377 in version 0.93.0.