What this page helps you verify fast
This hub clusters every indexed record for DrawBlog so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
Review known vulnerability records for the WordPress plugin DrawBlog (`drawblog`), including severity, CVE references, affected versions, and patch status.
Recent tracked CVEs on this page include CVE-2021-24479, so operators can jump from disclosure to patch validation without scanning the full feed first.
This hub clusters every indexed record for DrawBlog so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.
These recent records surface the CVE strings, patch cues, and direct report links most operators need first.
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting...
The DrawBlog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.81. This is due to missing or incorrect nonce validation on the drawblog_update_options fun...
Sorted by latest disclosure date so newly published issues surface first.
The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
The DrawBlog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 0.81. This is due to missing or incorrect nonce validation on the drawblog_update_options function. This makes it possible for unauthenticated attackers to arbitrarily change plugin s...