CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

WordPress Smart Custom Fields plugin <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search vulnerability

Missing Authorization to Authenticated Contributor+ Sensitive Information Exposure via Relational Post Search vulnerability discovered by darkmode in WordPress Plugin Smart Custom Fields versions = 5.0.6...

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2026-4066 Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2026-4066

The CVE concerns the Smart Custom Fields plugin for WordPress (affected: all versions up to and including 5.0.6). A missing capability check in relational_posts_search() allows authenticated users with Contributor-level access or higher to read private and draft posts from other authors via the s...

CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and abov...

WordPress plugin Smart Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-27252

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational posts search function in all versions up to, and including, 5.0.6. This makes it possible for authenticated attackers, with Contributor-level access and...

EUVD-2025-2708

Malicious code in bioql PyPI...

CVE-2025-22308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Kitajima Smart Custom Fields smart-custom-fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through = 5.0.0...

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

CVE-2025-22308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Kitajima Smart Custom Fields smart-custom-fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through = 5.0.0...

CVE-2025-22308 WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takashi Kitajima Smart Custom Fields smart-custom-fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through = 5.0.0...

CVE-2025-22308

CVE-2025-22308 is a stored XSS vulnerability in WordPress plugin Smart Custom Fields (aka Smart Custom Fields by Takashi Kitajima). The issue affects Smart Custom Fields versions up to 5.0.0 and is tied to improper input neutralization during web page generation (stored XSS). The vulnerability is...

WordPress plugin Smart Custom Fields 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin...

WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Robert DeVore Patchstack Alliance in WordPress Plugin Smart Custom Fields versions = 5.0.0...

CVE-2024-1995

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

CVE-2024-1995 Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...

CVE-2024-1995 Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...