EUVD-2026-13069

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

CVE-2026-4006

The CVE-2026-4006 issue affects the WordPress Simple Draft List plugin (display_name via WP_Post::__get(), resolves it from get_post_meta, and assigns it to $author_link without escaping if user_url is empty, then injects it into shortcode output via str_replace, enabling authenticated attackers ...

CVE-2026-4006 Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

CVE-2026-4006

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

PT-2026-26257

Name of the Vulnerable Software and Affected Versions Simple Draft List plugin for WordPress versions up to and including 2.6.2 Description The Simple Draft List plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display name post meta Custom Field. This is a result of...

EUVD-2024-45589

Malicious code in bioql PyPI...

CVE-2025-56154

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint. The name parameter is not properly sanitized before reflecting in the HTML response, enabling injection of arbitrary JavaScript. The CVE description confirms the affected software and the vulnerability locatio...

CVE-2024-51655

Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...

CVE-2024-51655

Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...

CVE-2024-51655

CVE-2024-51655 is a CSRF to Stored XSS vulnerability in the WordPress plugin Custom Author URL (versions

CVE-2024-51655 WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...

CVE-2024-51655 WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...

WordPress plugin Custom Author URL 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability

CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom Author URL versions = 2.0.1...

WordPress Custom Author URL Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Custom Author URL Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-51655 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c966f24d37c5 Credits SOPROBRO Required...

CVE-2023-1614

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1614 WP Custom Author URL < 1.0.5 - Admin+ Stored XSS

The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-1614

CVE-2023-1614 affects the WordPress plugin WP Custom Author URL (pre-1.0.5). The vulnerability stems from insufficient sanitization/escaping of certain plugin settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public deta...

WordPress plugin WP Custom Author URL 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists...

PT-2023-17119 · WordPress · Wp Custom Author Url

Name of the Vulnerable Software and Affected Versions: WP Custom Author URL WordPress plugin versions prior to 1.0.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...