MEDIUM
dartiss
CVE published 2026-05-22
CVE-2026-9104
CVE-2026-9104 is a stored cross-site scripting issue in the Draft List WordPress plugin. An authenticated attacker with author-level access or higher can place malicious content in a draft post title, and the payload can execute when another user views the affected page, especially when that viewer lacks edit capabilities. Because the vulnerability is stored and can affect unauthenticated users, subscribe [truncated]