2 matches found
CVE-2024-3559
CVE-2024-3559 describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin Custom Field Suite up to version 2.6.7, due to insufficient input sanitization and output escaping on the cfs[post_content] parameter. Exploitation requires authenticated access at contributor level or higher, and...
CVE-2024-3559 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_content]
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfspostcontent' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...