Lucene search
K

11 matches found

NVD
NVD
added 2026/04/29 4:16 p.m.9 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.4CVSS0.00177EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/29 3:34 p.m.36 views

CVE-2026-40229 Helpy 2.8.0 - Stored XSS in post author display via PostsHelper

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS0.00177EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/29 3:34 p.m.5 views

EUVD-2026-26244

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.1CVSS5AI score0.00177EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

Helpy 跨站脚本漏洞

Helpy is an open-source customer support application developed by the American company Helpy. This program includes features such as a knowledge base, community discussions, and email support. Version 2.8.0 of Helpy contains a cross-site scripting vulnerability, which stems from the storage-based...

5.4CVSS5.8AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4006

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 9:30 a.m.4 views

EUVD-2026-13069

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/19 6:46 a.m.2 views

CVE-2026-4006

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/19 6:46 a.m.26 views

CVE-2026-4006 Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS0.00257EPSS
Exploits0References6
CVE
CVE
added 2026/03/19 6:46 a.m.14 views

CVE-2026-4006

The CVE-2026-4006 issue affects the WordPress Simple Draft List plugin (display_name via WP_Post::__get(), resolves it from get_post_meta, and assigns it to $author_link without escaping if user_url is empty, then injects it into shortcode output via str_replace, enabling authenticated attackers ...

6.4CVSS6AI score0.00257EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26257

Name of the Vulnerable Software and Affected Versions Simple Draft List plugin for WordPress versions up to and including 2.6.2 Description The Simple Draft List plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display name post meta Custom Field. This is a result of...

6.4CVSS6AI score0.00257EPSS
Exploits0References9
OSV
OSV
added 2024/04/10 6:15 a.m.5 views

CVE-2024-2655

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post widgets in all versions up to, and including, 8.3.5 due to insufficient input sanitization and output escaping on author display names. This makes it possible for authenticated...

5.4CVSS6AI score0.00452EPSS
Exploits0References2
Rows per page
Query Builder