Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:34 a.m.9 views

CVE-2024-0689

The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with...

4.8CVSS5.7AI score0.00342EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.12 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3558 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 16f6a09d2c8e Credits Jack Taylor Required...

6.4CVSS5.8AI score0.00413EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.11 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to PHP Object Injection

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-3562 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 4d41dee4d577 Credits Jack Taylor Required privilege...

8.8CVSS6.8AI score0.0063EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/19 12:0 a.m.14 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to SQL Injection

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3561 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 5e99e2eccc53 Credits Jack Taylor Required privilege Contributor...

8.8CVSS6.8AI score0.00509EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/11 12:0 a.m.10 views

WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3559 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f903a173479 Credits Jack Taylor Required...

6.4CVSS5.8AI score0.00336EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/05/07 12:0 a.m.11 views

WordPress Custom Field Suite Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3068 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f8f7e39d39e Credits Eduardo Berlanga seqo...

4.8CVSS5.8AI score0.00557EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/28 12:0 a.m.12 views

WordPress Custom Field Suite Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS)

Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0689 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a8fbf84e2d48 Credits Sh Required privilege...

4.8CVSS5.7AI score0.00342EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder