2 matches found
CVE-2024-8364
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8364 WP Custom Fields Search <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...