3 matches found
Custom Field Manager WordPress - Cross-Site Scripting
Custom Field Manager WordPress plugin through 1.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12873 info: name: Custom Field Manager...
CVE-2024-12873
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12873
The CVE-2024-12873 entry concerns the WordPress plugin Custom Field Manager (versions up to 1.0). The root cause is that the plugin does not sanitize and escape a parameter before echoing it back in the page, producing a reflected XSS. Impact is described as enabling script execution in admin or ...