cleantalk
Vulnerabilities and Security Researches

Authors List, cbbd4ece10cadfe6b69d301bf453299da41ad0b8

CVE, Research URL

cbbd4ece10cadfe6b69d301bf453299da41ad0b8

Home page URL

Security reports for Authors List

Application

Authors List

Published on
Jul 10, 2023
Research Description
Authors List [authors-list] < 2.0.3 Authors List <= 2.0.2 - Reflected Cross-Site Scripting via al_id The Authors List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the al_id parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 2.0.3.
Status
vulnerable
Previous vulnerability researches
Authors List (CVE-2025-12010) , Dec 11, 2025
Authors List (CVE-2025-58792) , Sep 07, 2025
Authors List (CVE-2023-37981) , Jun 06, 2024
Authors List (cbbd4ece10cadfe6b69d301bf453299da41ad0b8) , Jun 06, 2024
Authors List (CVE-2024-13806) , Mar 03, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX &#8211; Best FOMO, Social Proof, WooCommerce Sales Popup &amp; Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System &#8211; Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026