2 matches found
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...
CVE-2023-6982
CVE-2023-6982 affects the WordPress plugin Display custom fields in the frontend – Post and User Profile Fields (shortcode-to-display-post-and-user-data). It is a stored XSS flaw caused by insufficient input sanitization/output escaping on user-supplied attributes in shortcode/postmeta, exploitab...