CVE-2024-1995 Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

CVE-2024-1995 Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

WordPress Plugin Smart Custom Fields Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

CVE-2024-28394

An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module...

PrestaShop Security Breach

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, SMS alerts and product image zoom and other features. A security vulnerability exists in PrestaShop Sales Reports, Statistics, Custom Fields & Export...

Smart Custom Fields < 5.0.0 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

Description The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level acces...

PT-2024-18483 · WordPress · Smart Custom Fields

Name of the Vulnerable Software and Affected Versions: Smart Custom Fields plugin for WordPress versions up to, and including, 4.2.2 Description: The issue arises from a missing capability check on the relational posts search function, allowing authenticated attackers with subscriber-level access...

CVE-2024-28394

The CVE-2024-28394 issue affects Advanced Plugins reportsstatistics versions 1.3.20 and earlier, allowing a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE List) wi...

CVE-2023-6880

The Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 45.6.0 due to insufficient input sanitizatio...

CVE-2023-6809

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVE-2023-6809

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

Cross site scripting

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVE-2023-6809 Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

CVE-2023-6809 Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode

The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...

PT-2024-15115 · WordPress · Visual Composer Website Builder

Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin for WordPress versions up to, and including, 45.6.0 Description: The issue is related to Stored Cross-Site Scripting via...

WordPress Plugin Custom fields shortcode security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

PT-2024-15093 · WordPress · Custom Fields Shortcode Plugin

Name of the Vulnerable Software and Affected Versions: Custom fields shortcode plugin for WordPress version 0.1 and earlier Description: The issue arises from insufficient input sanitization and output escaping on user-supplied custom post meta values, allowing authenticated attackers with...

CVE-2024-25845

In the module "CD Custom Fields 4 Orders" cdcustomfields4orders = 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions...