928 matches found
CVE-2025-12175
The Events Calendar WordPress plugin (versions up to 6.15.9) has an unauthorized access flaw due to a missing capability check on the tec_qr_code_modal AJAX endpoint. This allows authenticated users with Subscriber-level access and above to view draft event names and to generate/view QR codes. Wo...
CVE-2025-11741
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosqquickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
CVE-2025-11741 WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosqquickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated...
EUVD-2025-33818
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2025-11197
CVE-2025-11197 concerns the Draft List plugin for WordPress, vulnerable to Stored Cross-Site Scripting via the drafts shortcode in all versions up to 2.6.1. The attacker must have contributor-level access or higher to inject scripts that execute when users load injected pages. Connected sources c...
PT-2025-41643
Name of the Vulnerable Software and Affected Versions: Draft List plugin for WordPress versions prior to 2.6.1. Description: The software contains a flaw due to insufficient input sanitization and output escaping on user supplied attributes within the 'drafts' shortcode. This allows authenticated...
WordPress plugin Draft List cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Draft List plugin <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Draft List versions <= 2.6.1...
Exploit for CVE-2025-54352
CVE-2025-54352 PoC Usage Steps to install and test the Wor...
EUVD-2011-4962
Malware in sbrugna...
EUVD-2021-0102
Malware in sbrugna...
EUVD-2008-4472
Malware in sbrugna...
EUVD-2012-6481
Malware in sbrugna...
EUVD-2021-11645
Malware in sbrugna...
EUVD-2006-7197
Malware in sbrugna...
EUVD-2016-5606
Malware in sbrugna...
EUVD-2021-11687
Malware in sbrugna...
EUVD-2010-4771
Malware in sbrugna...