7 matches found
CVE-2024-0689
The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3558 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 16f6a09d2c8e Credits Jack Taylor Required...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to PHP Object Injection
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-3562 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 4d41dee4d577 Credits Jack Taylor Required privilege...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to SQL Injection
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-3561 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 5e99e2eccc53 Credits Jack Taylor Required privilege Contributor...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS)
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3559 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4f903a173479 Credits Jack Taylor Required...
WordPress Custom Field Suite Plugin <= 2.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.5 Fixed in 2.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3068 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f8f7e39d39e Credits Eduardo Berlanga seqo...
WordPress Custom Field Suite Plugin <= 2.6.4 is vulnerable to Cross Site Scripting (XSS)
Software Custom Field Suite Type Plugin Vulnerable versions = 2.6.4 Fixed in 2.6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0689 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a8fbf84e2d48 Credits Sh Required privilege...