56 matches found
CVE-2026-3173
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.5.1. Authenticated attackers with Contributor-level access or higher can read arbitrary user meta, post meta, and term meta from any object, potentially exposing PII (...
CVE-2026-3173
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...
PT-2026-44188
The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...
WordPress plugin Meta Field Block 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary User Meta Exposure vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Meta Field Block versions = 1.5.1...
CVE-2026-6252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
EUVD-2026-30252
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252 Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2026-6252
The CVE covers the WordPress plugin Meta Field Block (display-a-meta-field-as-block) with versions up to 1.5.2 affected. The root cause is insufficient input sanitization and output escaping in the tagName block attribute, enabling Stored Cross-Site Scripting. Exploitation requires authenticated ...
CVE-2026-6252 Meta Field Block <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tagName' Block Attribute
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
PT-2026-40889
The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
WordPress plugin Meta Field Block 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Meta Field Block versions = 1.5.2...
CVE-2026-7635
The CVE-2026-7635 entry concerns the coreActivity: Activity Logging for WordPress plugin for WordPress, affected up to version 3.0. The vulnerability arises from unsanitized PHP serialization in the User-Agent header stored to the logmeta table and later deserialized via maybe_unserialize() durin...
EUVD-2026-29079
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
CVE-2026-6093
Corteza contains a SQL injection vulnerability in its Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8...
CVE-2026-6093
CVE-2026-6093 describes a SQL injection vulnerability in Corteza’s MSSQL backend, triggered when filtering Compose records by the meta field. The root cause is an incorrect T-SQL string escaping, affecting Corteza 2024.9.8. Exploit details and mitigations are not provided in the connected documen...
PT-2026-39621
Name of the Vulnerable Software and Affected Versions Corteza version 2024.9.8 Description An issue exists in the Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field, which allows for SQL injection. SQL injection is a type of flaw that enables an attacker to...
WordPress Meta Field Block – Display custom fields in the Block Editor without coding plugin <= 1.3.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Meta Field Block versions = 1.3.3...