2 matches found
CVE-2026-4006
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...
PT-2024-33699 · Yoast · Yoast Seo
Name of the Vulnerable Software and Affected Versions: Yoast SEO plugin for WordPress versions up to, and including, 22.6 Description: The issue is related to Stored Cross-Site Scripting via the display name author meta due to insufficient input sanitization and output escaping. This allows...