CVE-2025-47636
📋 TL;DR
This CVE describes a path traversal vulnerability in the WordPress List Category Posts plugin that allows attackers to perform local file inclusion (LFI) by manipulating file paths. The vulnerability affects all versions up to 0.91.0, potentially enabling attackers to read sensitive files on the server. WordPress sites using vulnerable versions of this plugin are at risk.
💻 Affected Systems
- WordPress List Category Posts plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive server files like wp-config.php containing database credentials, potentially leading to full site compromise and data exfiltration.
Likely Case
Attackers exploit the LFI to read configuration files and sensitive data, then use that information for further attacks or data theft.
If Mitigated
With proper file permissions and security controls, impact is limited to reading only accessible files, but sensitive information may still be exposed.
🎯 Exploit Status
Path traversal vulnerabilities are typically easy to exploit with publicly available techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.91.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'List Category Posts' and check its version.
4. If the version is below 0.91.1, update to the latest version.
5. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
Platform: all
Temporarily disable the List Category Posts plugin until patched:
wp plugin deactivate list-category-posts
Restrict file access
Platform: linux
Implement web server restrictions so sensitive files cannot be requested directly over HTTP:
# Add to .htaccess for Apache (2.2 syntax shown; on Apache 2.4 replace the two lines with "Require all denied").
# Do not include "php" in the pattern: denying .php requests blocks WordPress itself (index.php, wp-login.php, ...).
# This only blocks direct HTTP requests for these files; a PHP-side include still reads them from disk, so treat it as defence in depth, not a fix.
<FilesMatch "\.(inc|conf|config|sql|log|txt)$">
Order Deny,Allow
Deny from all
</FilesMatch>
🧯 If You Can't Patch
- Remove the List Category Posts plugin entirely from production systems
- Implement web application firewall (WAF) rules to block path traversal patterns
🔍 How to Verify
Check if Vulnerable:
Check the WordPress admin panel → Plugins → List Category Posts version. If the version is 0.91.0 or earlier, the site is vulnerable.
Check Version:
wp plugin get list-category-posts --field=version
Verify Fix Applied:
Verify plugin version is 0.91.1 or later in WordPress admin panel and test that category listing functionality still works.
📡 Detection & Monitoring
Log Indicators:
- Unusual file path requests containing '../' patterns in access logs
- Requests to List Category Posts plugin with suspicious parameters
Network Indicators:
- HTTP requests with path traversal sequences in query parameters
- Unusual file access patterns to sensitive files
SIEM Query:
source="web_access_logs" AND (uri="*list-category-posts*" AND (param="*../*" OR param="*..\\*"))
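The log indicators above can be checked offline as well. The following is an added example, not code from the page or from the plugin's authors: it scans constructed Apache access-log lines for traversal sequences (including URL-encoded forms such as %2e%2e%2f) and rates hits against the list-category-posts plugin path as higher severity. The query-parameter names in the sample lines are placeholders, not the plugin's real parameters.

```python
import re
from urllib.parse import unquote

# Constructed sample Apache combined-format log lines (not real traffic).
# Parameter names like "template" are placeholders, not the actual vulnerable parameter.
SAMPLE_LOG = """\
203.0.113.10 - - [10/May/2025:12:00:01 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [10/May/2025:12:00:02 +0000] "GET /wp-content/plugins/list-category-posts/?template=../../wp-config.php HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.12 - - [10/May/2025:12:00:03 +0000] "GET /wp-content/plugins/list-category-posts/?template=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 300 "-" "python-requests/2.31"
203.0.113.13 - - [10/May/2025:12:00:04 +0000] "GET /wp-content/plugins/other-plugin/view.php?f=../secret HTTP/1.1" 404 0 "-" "Mozilla/5.0"
203.0.113.14 - - [10/May/2025:12:00:05 +0000] "GET /wp-content/plugins/list-category-posts/?cat=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request URI and HTTP status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Both slash and backslash traversal forms, matched after decoding.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')

def decode_fully(s, rounds=3):
    """Undo up to `rounds` layers of URL encoding so %2e%2e%2f and %252e%252e%252f are both caught."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_traversal(log_text):
    """Return one finding per request whose decoded URI contains a traversal sequence."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        decoded = decode_fully(rec["uri"])
        if not TRAVERSAL_RE.search(decoded):
            continue
        # Traversal aimed at the vulnerable plugin path is the indicator this CVE calls for.
        targets_plugin = "list-category-posts" in decoded.lower()
        findings.append({
            "ip": rec["ip"],
            "uri": decoded,
            "status": int(rec["status"]),  # a 200 on such a request is the stronger signal
            "severity": "high" if targets_plugin else "medium",
        })
    return findings
```

Run it against a real access log by reading the file into `find_traversal`; a 200 status on a high-severity hit warrants incident handling rather than just blocking.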