EUVD-2023-59185

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

WordPress Custom Fields plugin vulnerable to Stored Cross-Site Scripting in versions up to 5.0.4.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2023-6993	9 Apr 202419:15	–	attackerkb
CVE	CVE-2023-6993	9 Apr 202418:58	–	cve
Cvelist	CVE-2023-6993 Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	9 Apr 202418:58	–	cvelist
NVD	CVE-2023-6993	9 Apr 202419:15	–	nvd
Patchstack	WordPress Custom post types plugin <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability	5 Apr 202400:48	–	patchstack
Patchstack	WordPress Custom post types Plugin <= 5.0.4 is vulnerable to Cross Site Scripting (XSS)	5 Apr 202400:00	–	patchstack
RedhatCVE	CVE-2023-6993	23 May 202502:05	–	redhatcve
Vulnrichment	CVE-2023-6993	9 Apr 202418:58	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 1, 2024 to April 7, 2024)	11 Apr 202417:23	–	wordfence
WPVulnDB	Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	4 Apr 202400:00	–	wpvulndb

[
  {
    "enisaIdVendor": [
      {
        "id": "5e0a67d1-b814-3f36-8369-a745e0b530a9",
        "vendor": {
          "name": "totalpressorg"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2c11470b-e5ec-38bc-a9a9-2b99291160df",
        "product": {
          "name": "Custom post types, Custom Fields & more"
        },
        "product_version": "* ≤5.0.4"
      },
      {
        "id": "77033d8c-30ec-33fa-b3e6-099035c4764a",
        "product": {
          "name": "Custom post types, Custom Fields & more"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/2b1449a9-6c89-4dec-8107-86cf8a295025
plugins	www.plugins.trac.wordpress.org/changeset

03 Oct 2025 20:07Current

8.9High risk

Vulners AI Score8.9

CVSS 3.16.4

EPSS0.00183

SSVC