{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:47:55.478","vulnerabilities":[{"cve":{"id":"CVE-2025-28894","sourceIdentifier":"audit@patchstack.com","published":"2025-03-11T21:15:46.723","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Request Forgery (CSRF) vulnerability in frucomerci List of Posts from each Category plugin for WordPress list-posts-by-category allows Stored XSS.This issue affects List of Posts from each Category plugin for WordPress: from n/a through <= 2.0."},{"lang":"es","value":"La vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento frucomerci List of Posts from each Category para WordPress permite XSS almacenado. Este problema afecta al plugin \"Lista de entradas de cada categoría\" para WordPress desde la versión n/d hasta la 2.0."}],"metrics":{},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/list-posts-by-category/vulnerability/wordpress-list-of-posts-from-each-category-plugin-for-wordpress-plugin-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}