cleantalk
Vulnerabilities and Security Researches

Related Posts Lite, CVE-2025-9618

CVE, Research URL

CVE-2025-9618

Home page URL

Security reports for Related Posts Lite

Application

Related Posts Lite

Published on
Aug 30, 2025
Research Description
The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.12.
Status
vulnerable
Previous vulnerability researches
Image License and Protection (CVE-2025-8047) , Aug 27, 2025
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025