PT-2024-17414 · WordPress · Meta Box

Name of the Vulnerable Software and Affected Versions: Meta Box WordPress plugin versions prior to 5.9.4 Description: The issue allows users with at least the contributor role to access arbitrary custom fields assigned to other user's posts. Recommendations: For versions prior to 5.9.4, update to...

WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Filter Custom Fields & Taxonomies Light versions = 1.05...

CVE-2024-29220

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

WordPress Filter Custom Fields & Taxonomies Light Plugin <= 1.05 is vulnerable to Broken Access Control

Software Filter Custom Fields & Taxonomies Light Type Plugin Vulnerable versions = 1.05 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32081 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 428ec5de3319 Credits Mika...

CVE-2023-6694

The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...

Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post me...

CVE-2024-31094

A vulnerability in websupporter Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through = 1.05...

CVE-2024-31094

Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...

CVE-2024-31094 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability

A vulnerability in websupporter Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through = 1.05...

CVE-2024-31094

CVE-2024-31094 affects Filter Custom Fields & Taxonomies Light (WordPress). The issue is described as Deserialization of Untrusted Data (PHP object injection) in the plugin up to version 1.05. The Red Hat entry and a Wordfence vulnerability listing confirm the vulnerability exists in this plugin ...

CVE-2024-31094 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...

PT-2024-23762 · Unknown · Filter Custom Fields & Taxonomies Light

Name of the Vulnerable Software and Affected Versions: Filter Custom Fields & Taxonomies Light versions 1.05 and earlier Description: The issue is related to Deserialization of Untrusted Data, which affects Filter Custom Fields & Taxonomies Light. Recommendations: For Filter Custom Fields &...

WordPress Plugin Filter Custom Fields & Taxonomies Light 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Filter Custom Fields & Taxonomies Light Plugin <= 1.05 is vulnerable to PHP Object Injection

Software Filter Custom Fields & Taxonomies Light Type Plugin Vulnerable versions = 1.05 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-31094 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 49ff4d1a6e1e Credits Mika Required...

CVE-2024-1564

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

CVE-2024-1564

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access

The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode...

CVE-2024-1564

The CVE-2024-1564 entry concerns the wp-schema-pro WordPress plugin. Affected versions prior to 2.7.16 do not validate post access, enabling a Contributor-level user to read custom fields on any post (regardless of post type or status) by using a shortcode. The underlying issue is a missing autho...

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...