32 matches found
Custom Field Manager WordPress - Cross-Site Scripting
Custom Field Manager WordPress plugin through 1.0 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12873 info: name: Custom Field Manager...
CVE-2025-13930
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...
CVE-2025-12500
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-13930
The CVE-2025-13930 entry concerns the Checkout Field Manager (Checkout Manager) for WooCommerce plugin on WordPress. Affected versions are up to and including 7.8.5, where an authorization bypass allows unauthenticated attackers to delete attachments associated with guest orders. The root cause c...
CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...
CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-12500 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...
CVE-2025-12500
The vulnerability CVE-2025-12500 affects the Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress, with unauthenticated, limited file upload via ajax_checkout_attachment_upload in all versions up to 7.8.1. The root cause is improper authorization verification for upload ...
WordPress plugin Checkout Field Manager (Checkout Manager) for WooCommerce 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-20610
Name of the Vulnerable Software and Affected Versions Checkout Manager for WooCommerce versions prior to 7.8.6 Description The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress has an authorization issue. The plugin does not properly verify user authorization to delete...
WordPress plugin Checkout Field Manager (Checkout Manager) for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2020-17806
Malware in sbrugna...
EUVD-2025-15328
Malicious code in bioql PyPI...
CVE-2020-25115
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager...
CVE-2024-12873
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12873 Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12873 Custom Field Manager <= 1.0 - Reflected XSS Vulnerability
The Custom Field Manager WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Custom Field Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2025-21447
Name of the Vulnerable Software and Affected Versions: The Custom Field Manager WordPress plugin version 1.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...
VulnCheck KEV: CVE-2022-4328
The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...