CVE-2024-9588

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaftoptionpage' function. This makes it possible for unauthenticated attackers to add and...

CVE-2024-9588 Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaftoptionpage' function. This makes it possible for unauthenticated attackers to add and...

CVE-2024-9588 Category and Taxonomy Meta Fields <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaftoptionpage' function. This makes it possible for unauthenticated attackers to add and...

CVE-2024-9588

CVE-2024-9588 affects the WordPress plugin “Category and Taxonomy Meta Fields” (versions

CVE-2024-9590 Category and Taxonomy Meta Fields <= 1.0.0 - Authenticated (Editor+) Stored Cross-Site Scripting

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaftaddmetatextinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin Category and Taxonomy Meta Fields 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plug...

WordPress plugin Category and Taxonomy Meta Fields 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Category...

WordPress Category and Taxonomy Meta Fields plugin <= 1.0.0 - Cross-Site Request Forgery to Taxonomy Meta Add/Delete vulnerability

Cross-Site Request Forgery to Taxonomy Meta Add/Delete vulnerability discovered by István Márton in WordPress Plugin Category and Taxonomy Meta Fields versions = 1.0.0...

WordPress Category and Taxonomy Meta Fields plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by István Márton in WordPress Plugin Category and Taxonomy Meta Fields versions = 1.0.0...

WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Category and Taxonomy Meta Fields Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9589 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6c6a133f113d Credits István...

WordPress Category and Taxonomy Meta Fields Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Category and Taxonomy Meta Fields Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9590 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0608197ee970 Credits István...