30 matches found
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
WordPress Draft List plugin 2.6.3-2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Draft List versions 2.6.3-2.6.3...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
EUVD-2026-31405
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...
WordPress plugin Draft List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-42730
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-4006
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...
WordPress Draft List plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'displayname' Parameter vulnerability discovered by WordFence in WordPress Plugin Draft List versions = 2.6.2...
CVE-2026-4006 Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...
CVE-2026-4006
The CVE-2026-4006 issue affects the WordPress Simple Draft List plugin (display_name via WP_Post::__get(), resolves it from get_post_meta, and assigns it to $author_link without escaping if user_url is empty, then injects it into shortcode output via str_replace, enabling authenticated attackers ...
WordPress plugin Simple Draft List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2025-33818
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197
CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Draft List 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...