75 matches found
CVE-2023-46203 WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Custom Fields: from n/a through 3.3.2...
CVE-2024-10800
CVE-2024-10800 : WordPress User Extra Fields plugin (
CVE-2024-6168
The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality...
CVE-2023-6809
The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...
CVE-2023-6809 Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it possible for...
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions...
CVE-2023-23790
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions...
Design/Logic Flaw
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and...
CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which...
CVE-2022-2398
CVE-2022-2398 concerns the WordPress Comments Fields plugin (pre-4.1). The flaw is a lack of escaping in the Field Error Message, enabling stored Cross-Site Scripting by high-privilege admins (authenticated users) even when unfiltered_html is disallowed. Affected version: WordPress Comments Field...
WordPress plugin WordPress Comments Fields cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress simple-fields plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-fields is a custom fields plugin used in it. A cross-site scripting vulnerability exists in the WordPress simple-fields plugin...
WordPress magic-fields plugin cross-site scripting vulnerability (CNVD-2019-32372)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. magic-fields is a web form field customization plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2017-18610
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-group-id parameter...
Design/Logic Flaw
The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter...
WordPress simple-fields plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-fields is a custom fields plugin used in it. The WordPress simple-fields plugin contains a cross-site request forgery...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
CVE-2013-7476
The connected advisories confirm a CSRF vulnerability in the WordPress Simple Fields plugin prior to version 1.2, affecting the admin interface. Root cause: CSRF in admin actions could allow unauthorized requests when an authenticated admin visits a malicious page. Impact is described in CVE reco...