26 matches found
CVE-2026-6252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-3173
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.5.1. Authenticated attackers with Contributor-level access or higher can read arbitrary user meta, post meta, and term meta from any object, potentially exposing PII (...
CVE-2026-3173
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...
PT-2026-44188
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...
WordPress plugin Meta Field Block 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary User Meta Exposure vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Meta Field Block versions = 1.5.1...
CVE-2026-6252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252 Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
EUVD-2026-30252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252 Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252
The CVE covers the WordPress plugin Meta Field Block (display-a-meta-field-as-block) with versions up to 1.5.2 affected. The root cause is insufficient input sanitization and output escaping in the tagName block attribute, enabling Stored Cross-Site Scripting. Exploitation requires authenticated ...
PT-2026-40889
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
WordPress plugin Meta Field Block 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Meta Field Block versions = 1.5.2...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Meta Field Block versions = 1.3.3...
EUVD-2024-40170
Malicious code in bioql PyPI...
CVE-2024-43278
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...
CVE-2024-43278
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...
CVE-2024-43278
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13...