5 matches found
CVE-2023-6526
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This make...
CVE-2023-6526
creationtimestamp| type| source ---|---|--- 2024-02-29 09:56:51+00:00| seen| https://t.me/ctinow/196422...
WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.2 is vulnerable to Cross Site Scripting (XSS)
Software Meta Box – WordPress Custom Fields Framework Type Plugin Vulnerable versions = 5.9.2 Fixed in 5.9.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6526 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 03fafb4798e5...
CVE-2023-6526 Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This make...
CVE-2023-6526
CVE-2023-6526 affects the WordPress plugin Meta Box – WordPress Custom Fields Framework . The vulnerability is a Stored Cross-Site Scripting (XSS) via custom post meta values rendered by the plugin’s shortcode, present in all versions up to and including 5.9.2. The root cause is insufficient inpu...