WordPress · Simple Draft List · CVE-2026-4006
**Name of the Vulnerable Software and Affected Versions**
Simple Draft List plugin for WordPress versions up to and including 2.6.2
**Description**
The Simple Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `display_name` post meta (Custom Field) in all versions up to and including 2.6.2. The cause is missing input sanitization and output escaping of the author display name when no author URL is available. The plugin reads `$draft_data->display_name`, which goes through `WP_Post::__get()` and resolves to `get_post_meta($post_id, 'display_name', true)`, so the value is taken from a post Custom Field. When the `user_url` meta field is empty, the `$author` value is assigned to `$author_link` without any escaping, and that unescaped value is then substituted into the shortcode output by `str_replace()`. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts that execute whenever a user views a page containing the `[drafts]` shortcode with the `{{author+link}}` template tag.
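As an added illustration, not code from the Simple Draft List plugin, the following PHP reconstructs the pattern described above: a `{{author+link}}` expansion that falls back to the raw display name when `user_url` is empty, beside a hardened version that escapes on output in both branches. The function names `sdl_expand_author_tag_vulnerable` and `sdl_expand_author_tag_fixed`, the assumption that the URL branch already escapes, and the sample values are all assumptions made for the example; `esc_html()` and `esc_url()` are real WordPress helpers, with simplified stand-ins defined so the file also runs as plain PHP outside WordPress.

```php
<?php
// Added example, not code from the Simple Draft List plugin.
// Minimal stand-ins for WordPress escaping helpers so this runs as plain PHP.
if (!function_exists('esc_html')) {
    function esc_html(string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_url')) {
    // Simplified stand-in: WordPress's esc_url() does more (allowed-protocol
    // list, normalisation); here anything that is not a valid http(s) URL
    // becomes the empty string.
    function esc_url(string $url): string {
        $ok = filter_var($url, FILTER_VALIDATE_URL) !== false
            && preg_match('#^https?://#i', $url) === 1;
        return $ok ? htmlspecialchars($url, ENT_QUOTES, 'UTF-8') : '';
    }
}

// Vulnerable pattern (reconstruction of the behaviour the advisory describes):
// the URL branch is assumed to escape, but when $user_url is empty $author is
// copied into $author_link unescaped and then substituted by str_replace().
function sdl_expand_author_tag_vulnerable(string $template, string $author, string $user_url): string {
    if ($user_url !== '') {
        $author_link = '<a href="' . esc_url($user_url) . '">' . esc_html($author) . '</a>';
    } else {
        $author_link = $author;   // raw Custom Field value, no escaping
    }
    return str_replace('{{author+link}}', $author_link, $template);
}

// Hardened version: escape the value once, at the output site, on every branch.
function sdl_expand_author_tag_fixed(string $template, string $author, string $user_url): string {
    $safe_author = esc_html($author);
    $safe_url    = esc_url($user_url);
    if ($safe_url !== '') {
        $author_link = '<a href="' . $safe_url . '">' . $safe_author . '</a>';
    } else {
        $author_link = $safe_author;
    }
    return str_replace('{{author+link}}', $author_link, $template);
}

// Constructed sample input: a display_name Custom Field that contains markup,
// and no user_url, which is the branch the advisory describes.
$template = '<li>Draft by {{author+link}}</li>';
$author   = '<img src=x onerror="alert(document.domain)">';   // constructed payload
$user_url = '';

echo "vulnerable: " . sdl_expand_author_tag_vulnerable($template, $author, $user_url) . "\n";
echo "fixed:      " . sdl_expand_author_tag_fixed($template, $author, $user_url) . "\n";
```

Running the file shows the difference: the vulnerable expansion emits the `<img ...>` element into the list item as live markup, while the hardened expansion emits it as entity-encoded text. The point for reviewers is that `str_replace()` into an HTML template is an output sink, so the value placed into it has to be escaped on every code path, not only when a link is wrapped around it.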
**Recommendations**
Update the Simple Draft List plugin to a patched release later than 2.6.2. Until the update is applied, note that the unescaped output is only reached through `[drafts]` shortcodes that use the `{{author+link}}` template tag.