4 matches found
CVE-2026-57238
After the application opened the PDF, JavaScript deleted the form field object. Subsequently, it attempted to access the invalid object, which caused the application to crash...
CVE-2026-4068 Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter
The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...
CVE-2026-4068
CVE-2026-4068 affects the WordPress plugin Add Custom Fields to Media (
PT-2026-26258
The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a nonce for the 'ad...