3 matches found
CVE-2021-24871
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24871
The CVE-2021-24871 entry concerns the WordPress Get Custom Field Values plugin (pre-4.0.1). The underlying issue is lack of escaping/output sanitization of custom field values, enabling Cross-Site Scripting (XSS) for users with a role as low as contributor. Affected component is the plugin’s outp...
CVE-2021-24871 Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...