4 matches found
CVE-2024-0689 Custom Field Suite <= 2.6.4 - Authenticated (Admin+) Stored Cross-Site Scripting
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Matt Gibbs Custom Field Suite plugin = 2.6.2.1 versions...
CVE-2023-32515 WordPress Custom Field Suite Plugin <= 2.6.2.1 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Matt Gibbs Custom Field Suite plugin = 2.6.2.1 versions...
CVE-2023-32515
CVE-2023-32515 affects WordPress Custom Field Suite plugin, vulnerable in versions