Lucene search
K

3 matches found

Cvelist
Cvelist
added 2024/06/20 2:8 a.m.32 views

CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfsposttitle' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00413EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/06/20 2:8 a.m.25 views

CVE-2024-3558 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title]

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfsposttitle' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS5.8AI score0.00413EPSS
Exploits1References8
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.12 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3558 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 16f6a09d2c8e Credits Jack Taylor Required...

6.4CVSS5.8AI score0.00413EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder