35 matches found
PT-2024-17414 · WordPress · Meta Box
Name of the Vulnerable Software and Affected Versions: Meta Box WordPress plugin versions prior to 5.9.4 Description: The issue allows users with at least the contributor role to access arbitrary custom fields assigned to other user's posts. Recommendations: For versions prior to 5.9.4, update to...
CVE-2023-6526
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This make...
CVE-2023-6526
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This make...
WordPress Meta Box Plugin < 4.16.2 File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112628";...
WordPress Meta Box Plugin Code Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Meta Box plugin is a custom field plugin used in it. WordPress Meta Box plugin has a code issue vulnerability. No details of the...
CVE-2019-14794
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...
CVE-2019-14794
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...
Design/Logic Flaw
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...
CVE-2019-14794
CVE-2019-14794 affects the WordPress Meta Box plugin prior to version 4.16.2. The vulnerability arises from mishandling file uploads to custom folders, with a CVSS3 base score of 7.5 (network/vector, low access complexity, no privileges required, integrity impact HIGH). Public exploitation detail...
CVE-2019-14794
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders...
CVE-2019-14793
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...
CVE-2019-14793
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...
CVE-2019-14793
CVE-2019-14793 concerns the WordPress WordPress Meta Box plugin (pre-4.16.3). The vulnerability enables unauthenticated? (via the description it’s difficult to confirm authentication) file deletion through an AJAX action (wp-admin/admin-ajax.php?action=rwmb_delete_file) with an attachment_id para...
CVE-2019-14793
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmbdeletefile attachmentid parameter...
WordPress Multiple Meta Box Plugin <= 1.0 - Blind SQL Injection
Because of this vulnerability, the attackers and privileged user accounts can execute own sql commands to compromise the web-server or dbms. Solution Update the plugin...