3 matches found
CVE-2026-9008
The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...
EUVD-2026-34939
The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelistunqprfxextshortcode function the pagelistext / pagelistext shortcode accepting attacker-controlled poststatus, posttype, and showmetakey attributes and...
CVE-2025-58030 WordPress Page-list Plugin <= 5.8 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webvitaly Page-list page-list allows Stored XSS.This issue affects Page-list: from n/a through = 5.8...