7 matches found
EUVD-2022-49932
Malicious code in bioql PyPI...
CVE-2024-8364
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8364
Affected software : WP Custom Fields Search plugin for WordPress (versions up to and including 1.2.35). Vulnerability : Stored Cross-Site Scripting via the wpcfs-preset shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact : Authenticated attacke...
CVE-2022-47157
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Don Benjamin WP Custom Fields Search plugin = 1.2.34 versions...
CVE-2022-47157
CVE-2022-47157 concerns the WordPress plugin WP Custom Fields Search (Don Benjamin) up to version 1.2.34. The vulnerability is a stored XSS caused by insufficient sanitization/escaping in plugin settings, exploitable by users with admin privileges (administrator+). Impact is stored script injecti...
CVE-2022-47157 WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Don Benjamin WP Custom Fields Search plugin = 1.2.34 versions...
WP Custom Fields Search < 1.2.35 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...