Lucene search
K

539 matches found

Cvelist
Cvelist
added 2026/01/24 8:26 a.m.33 views

CVE-2026-0800 User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field

The User Submitted Posts – Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom fields in all versions up to, and including, 20251210 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.7 views

WordPress plugin User Submitted Posts cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.2CVSS5.7AI score0.00213EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/20 9:25 a.m.6 views

CVE-2025-14533 Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insertuser' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to...

9.8CVSS5.5AI score0.00982EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.5 views

CVE-2023-40986

A stored cross-site scripting XSS vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field...

5.4CVSS5.6AI score0.00415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.6 views

CVE-2019-11871

The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins...

5.4CVSS6.2AI score0.00946EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.9 views

CVE-2020-10484

CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request...

4.3CVSS6.8AI score0.00475EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.6 views

CVE-2025-23952

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File Inclusion.This issue affects custom-field-list-widget: from n/a through = 1.5.1...

8.1CVSS7.2AI score0.00981EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 5:16 a.m.5 views

CVE-2025-14997

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00615EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/06 4:31 a.m.2 views

CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS7AI score0.00615EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/06 4:31 a.m.31 views

CVE-2025-14997 BuddyPress Xprofile Custom Field Types <= 1.2.8 - Authenticated (Subscriber+) Arbitrary File Deletion

The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'deletefield' function in all versions up to, and including, 1.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

8.8CVSS0.00615EPSS
Exploits0References3
CVE
CVE
added 2026/01/06 4:31 a.m.22 views

CVE-2025-14997

CVE-2025-14997 affects the BuddyPress Xprofile Custom Field Types plugin for WordPress. The root cause is insufficient file-path validation in the delete_field function across versions up to 1.2.8, enabling an authenticated attacker (Subscriber+) to delete arbitrary server files (e.g., wp-config....

8.8CVSS7AI score0.00615EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.2 views

WordPress plugin BuddyPress Xprofile Custom Field Types 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A path traversal...

8.8CVSS7.7AI score0.00615EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.7 views

WordPress Web to SugarCRM Lead plugin <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion vulnerability

Cross-Site Request Forgery to Custom Field Deletion vulnerability discovered by dayea song - Ahnlab in WordPress Plugin Web to SugarCRM Lead versions = 1.0.0...

4.3CVSS5.9AI score0.00129EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/30 11:15 p.m.5 views

CVE-2025-68607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 12:32 a.m.32 views

EUVD-2025-205657

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5...

6.5CVSS5.5AI score0.0017EPSS
Exploits0References2
NVD
NVD
added 2025/12/29 10:15 p.m.9 views

CVE-2025-68607

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

6.5CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added 2025/12/29 9:10 p.m.13 views

CVE-2025-68607

CVE-2025-68607: Custom Field Template (WordPress) stored XSS Affected software: Custom Field Template (WordPress plugin), affected range up to version 2.7.5 (inclusive). Nature of flaw: Improper neutralization of input during web page generation leads to stored cross-site scripting (Authenticated...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/29 9:10 p.m.27 views

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...

6.5CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/29 9:10 p.m.3 views

CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.7.5...

6.5CVSS5.6AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.4 views

WordPress plugin Custom Field Template 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References2
Rows per page
Query Builder