29 matches found
WordPress Draft List plugin 2.6.3-2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Draft List versions 2.6.3-2.6.3...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The CVE concerns the Draft List plugin for WordPress, affecting all versions up to 2.6.3. It describes a Stored Cross-Site Scripting (XSS) vulnerability in draft post titles caused by insufficient input sanitization and output escaping. Exploitation requires at least author-level access; authenti...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
EUVD-2026-31405
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
CVE-2026-9104 Draft List <= 2.6.3 - Authenticated (Author+) Stored Cross-Site Scripting via Draft Post Title
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
PT-2026-42730
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to...
WordPress plugin Draft List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-4006
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...
WordPress Draft List plugin <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'displayname' Parameter vulnerability discovered by WordFence in WordPress Plugin Draft List versions = 2.6.2...
CVE-2026-4006
The CVE-2026-4006 issue affects the WordPress Simple Draft List plugin (display_name via WP_Post::__get(), resolves it from get_post_meta, and assigns it to $author_link without escaping if user_url is empty, then injects it into shortcode output via str_replace, enabling authenticated attackers ...
CVE-2026-4006 Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayname' post meta Custom Field in all versions up to and including 2.6.2. This is due to insufficient input sanitization and output escaping on the author display name when no author URL is...
WordPress plugin Simple Draft List 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2025-33818
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197
CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2025-41643
Name of the Vulnerable Software and Affected Versions Draft List plugin for WordPress versions prior to 2.6.1 Description The software contains a flaw due to insufficient input sanitization and output escaping on user supplied attributes within the 'drafts' shortcode. This allows authenticated...
WordPress plugin Draft List 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...