Description
Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through <= 1.2.0.
Published: 2025-09-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The plugin contains a Cross‑Site Request Forgery flaw (CWE‑352) that allows an attacker to force a logged‑in user to execute actions that the user did not intend. The flaw can lead to unauthorized changes to the plugin’s settings or content, compromising the integrity of the site’s data. The vulnerability is specific to the plugin’s handling of state‑changing requests without proper CSRF validation.

Affected Systems

WordPress sites that have installed the LIJE Show Pages List plugin version 1.2.0 or earlier are affected. The issue is limited to the plugin and does not impact other WordPress components directly.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate risk, and the EPSS score of less than 1% suggests that exploitation is unlikely to be widespread at present. The vulnerability is not listed in CISA’s KEV catalog. Exploitation would require an attacker to trick a legitimately authenticated user into opening a crafted request, implying the attack vector is web‑based and relies on user interaction.

Generated by OpenCVE AI on April 30, 2026 at 01:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Show Pages List plugin to any version newer than 1.2.0 where the CSRF fix has been applied.
  • Restrict the plugin’s administrative pages to users with the minimum necessary roles, or temporarily remove the pages from sites that cannot be upgraded immediately.
  • Apply a site‑wide CSRF protection layer, such as restoring WordPress nonce usage on all plugin forms or disabling the vulnerable endpoints via a security plugin until the upgrade is performed.

Advisories
Source: EUVD
ID: EUVD-2025-30613
Title: Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0.
Added: Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List show-pages-list allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through <= 1.2.0.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in LIJE Show Pages List allows Cross Site Request Forgery. This issue affects Show Pages List: from n/a through 1.2.0.
Title WordPress Show Pages List Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:42.324Z

Reserved: 2025-08-27T16:19:19.005Z

Link: CVE-2025-58219

Vulnrichment

Updated: 2025-09-23T15:55:36.743Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:06.513

Modified: 2026-04-23T15:33:19.643

Link: CVE-2025-58219

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T01:30:24Z

Weaknesses