Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-4006

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/19 9:30 a.m.4 views

EUVD-2026-13069

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/03/19 6:46 a.m.24 views

CVE-2026-4006 Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS0.00257EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/19 6:46 a.m.2 views

CVE-2026-4006

The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...

6.4CVSS6AI score0.00257EPSS
Exploits0References7
CVE
CVE
added 2026/03/19 6:46 a.m.12 views

CVE-2026-4006

The CVE-2026-4006 issue affects the WordPress Simple Draft List plugin (display_name via WP_Post::__get(), resolves it from get_post_meta, and assigns it to $author_link without escaping if user_url is empty, then injects it into shortcode output via str_replace, enabling authenticated attackers ...

6.4CVSS6AI score0.00257EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.4 views

PT-2026-26257

Name of the Vulnerable Software and Affected Versions Simple Draft List plugin for WordPress versions up to and including 2.6.2 Description The Simple Draft List plugin for WordPress is susceptible to Stored Cross-Site Scripting through the display name post meta Custom Field. This is a result of...

6.4CVSS6AI score0.00257EPSS
Exploits0References9
Rows per page
Query Builder