CVE-2025-5811
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | listly | 2.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Listly: Listicles For WordPress plugin allows unauthenticated attackers to delete arbitrary transient values on the WordPress site because the plugin's Init() function lacks a proper capability check. This means attackers can modify data without authorization in all versions up to and including 2.7.
How can this vulnerability impact me?
This vulnerability can impact you by allowing unauthorized users to delete transient data on your WordPress site, potentially disrupting site functionality or performance that relies on these transient values. Although it does not allow data disclosure or site takeover, it can lead to data integrity issues and service disruption.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerable plugin 'Listly: Listicles For WordPress' has been closed and is no longer available for download as of July 15, 2025, and has no active installations, the immediate mitigation step is to ensure that this plugin is not installed or active on your WordPress site. If it is installed, remove or deactivate it to prevent exploitation of the unauthorized data modification vulnerability. [1]