Listly: Listicles For WordPress

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site.

Basic Information

ID CVE-2025-5811

Source Wordfence

Published Jul 18, 2025 at 05:24

Modified Jul 18, 2025 at 14:00

Affected Product

Vendor milanmk

Product Listly: Listicles For WordPress

Version *

Affected Versions milanmk Listly: Listicles For WordPress *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Listly: Listicles For WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Init() function in all versions up to, and including, 2.7. This makes it possible for unauthenticated attackers to delete arbitrary transient values on the WordPress site.",
    "published": "2025-07-18T05:24:01.146Z",
    "modified": "2025-07-18T14:00:33.209Z",
    "type": "cve",
    "title": "Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee6749f5-1dd0-4687-9a86-64fd1161321b?source=cve\nhttps://plugins.trac.wordpress.org/browser/listly/trunk/listly.php#L151\nhttps://wordpress.org/plugins/listly/",
    "id": "CVE-2025-5811",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "milanmk Listly: Listicles For WordPress *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Listly: Listicles For WordPress",
    "version": "*",
    "vendor": "milanmk",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Listly: Listicles For WordPress <= 2.7 - Unauthenticated Arbitrary Transient Deletion_CVE-2025-5811