
16 matches found

RedhatCVE
added 2026/03/26 3:06 p.m. · 2 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 1
EUVD
added 2026/03/24 12:30 a.m. · 2 views

EUVD-2026-14618

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 6
NVD
added 2026/03/23 11:17 p.m. · 1 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 · EPSS 0.00014
Exploits: 0 · References: 5
CVE
added 2026/03/23 10:25 p.m. · 6 views

CVE-2026-4066

The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 5
Cvelist
added 2026/03/23 10:25 p.m. · 27 views

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 · EPSS 0.00014
Exploits: 0 · References: 5
ATTACKERKB
added 2026/03/23 10:25 p.m. · 1 views

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 6
Positive Technologies
added 2026/03/23 12:00 a.m. · 1 views

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 4.3 · AI score 5.8 · EPSS 0.00014
Exploits: 0 · References: 7
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-45680

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 8.7 · EPSS 0.00295
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 8:04 a.m. · 3 views

CVE-2024-51884

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Search posts-search allows Stored XSS. This issue affects Posts Search: from n/a through <= 1.2.2...

CVSS 6.5 · AI score 7.2 · EPSS 0.00295
Exploits: 0 · References: 1
NVD
added 2024/11/19 5:15 p.m. · 5 views

CVE-2024-51884

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Search posts-search allows Stored XSS. This issue affects Posts Search: from n/a through <= 1.2.2...

CVSS 6.5 · EPSS 0.00295
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/19 4:31 p.m. · 11 views

CVE-2024-51884 WordPress Posts Search plugin <= 1.2.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Search allows Stored XSS. This issue affects Posts Search: from n/a through 1.2.2...

CVSS 6.5 · AI score 6.7 · EPSS 0.00295
Exploits: 0 · References: 1
Cvelist
added 2024/11/19 4:31 p.m. · 18 views

CVE-2024-51884 WordPress Posts Search plugin <= 1.2.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Matsuyama Posts Search posts-search allows Stored XSS. This issue affects Posts Search: from n/a through <= 1.2.2...

CVSS 6.5 · EPSS 0.00295
Exploits: 0 · References: 1
Patchstack
added 2024/11/08 3:47 p.m. · 2 views

WordPress Posts Search plugin <= 1.2.2 - Stored Cross Site Scripting (XSS) vulnerability

Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Posts Search versions <= 1.2.2...

CVSS 6.5 · AI score 5.8 · EPSS 0.00295
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/11/08 12:00 a.m. · 15 views

WordPress Posts Search Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)

Software: Posts Search · Type: Plugin · Vulnerable versions: <= 1.2.2 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-51884 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: c9222a2124ac · Credits: SOPROBRO · Required privilege: Contributor...

CVSS 6.5 · AI score 6.5 · EPSS 0.00295
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/03/20 12:00 a.m. · 1 views

WordPress Plugin Smart Custom Fields Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

CVSS 4.3 · AI score 6.4 · EPSS 0.00184
Exploits: 0 · References: 5
Positive Technologies
added 2024/03/19 12:00 a.m. · 1 views

PT-2024-18483 · WordPress · Smart Custom Fields

Name of the Vulnerable Software and Affected Versions: Smart Custom Fields plugin for WordPress versions up to, and including, 4.2.2 Description: The issue arises from a missing capability check on the relational posts search function, allowing authenticated attackers with subscriber-level access...

CVSS 4.3 · AI score 9.6 · EPSS 0.00184
Exploits: 0 · References: 9