CVE-2025-5811: 
WordPress vulnerability analysis and mitigation

The Listly: Listicles For WordPress plugin (versions up to and including 2.7) was identified with a security vulnerability tracked as CVE-2025-5811. The vulnerability was discovered and disclosed on July 17, 2025, involving unauthorized modification of data due to a missing capability check in the Init() function. This security flaw affects WordPress installations using the Listly plugin (Wordfence).

The vulnerability is characterized by a missing authorization check (CWE-862) in the Init() function of the plugin. It has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely with low attack complexity, requires no privileges or user interaction, and has a limited impact on integrity (NVD).

The vulnerability allows unauthenticated attackers to delete arbitrary transient values on affected WordPress sites. This capability could potentially lead to data manipulation and compromise the integrity of the website's temporary stored information (NVD).

As of July 15, 2025, the plugin has been temporarily closed and is not available for download pending a full security review (WordPress Plugin). Website administrators using the affected versions should consider removing the plugin until a patched version becomes available.