CVE-2026-4006 | dartiss Draft List Plugin up to 2.6.2 on WordPress Shortcode WP_Post::__get cross site scripting

Inserito da Angelo Barbosa | Mar 19, 2026 | CVE

A vulnerability described as problematic has been identified in dartiss Draft List Plugin up to 2.6.2 on WordPress. This affects the function WP_Post::__get of the component Shortcode Handler. The manipulation results in cross site scripting.

This vulnerability was named CVE-2026-4006. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-4006 | dartiss Draft List Plugin up to 2.6.2 on WordPress Shortcode WP_Post::__get cross site scripting

Post correlati

CVE-2024-11178 | Login with OTP Plugin up to 1.4.2 on WordPress improper authentication

CVE-2024-12535 | Host PHP Info Plugin up to 1.0.4 on WordPress authorization

CVE-2025-1355 | needyamin Library Card System 1.0 Add Picture /signup.php unrestricted upload

CVE-2024-2856 | Tenda AC10 16.03.10.13/16.03.10.20 /goform/SetSysTimeCfg fromSetSysTime timeZone stack-based overflow