Lucene search
K
Custom Field Suite ProjectCustom Field Suite

8 matches found

CVE
CVE
added 2024/02/29 2:33 a.m.88 views

CVE-2024-0689

CVE-2024-0689 involves the Custom Field Suite plugin for WordPress, where a Stored XSS exists in meta imports for all versions up to 2.6.4 due to insufficient input sanitization and output escaping. Affected: WordPress multisite installations and sites with unfiltered_html disabled. Impact: authe...

4.8CVSS4.9AI score0.00342EPSS
CVE
CVE
added 2024/06/20 2:8 a.m.84 views

CVE-2024-3558

CVE-2024-3558 affects the WordPress plugin Custom Field Suite . The vulnerability is a Stored Cross-Site Scripting in the parameter cfs[post_title] for versions up to 2.6.7 , caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor+ ...

6.4CVSS5.5AI score0.00413EPSS
CVE
CVE
added 2024/06/12 4:32 a.m.83 views

CVE-2024-3559

CVE-2024-3559 describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin Custom Field Suite up to version 2.6.7, due to insufficient input sanitization and output escaping on the cfs[post_content] parameter. Exploitation requires authenticated access at contributor level or higher, and...

6.4CVSS5.9AI score0.00336EPSS
CVE
CVE
added 2024/06/20 2:8 a.m.71 views

CVE-2024-3562

CVE-2024-3562 : The WordPress plugin Custom Field Suite is vulnerable to PHP Code Injection via the Loop custom field. The issue stems from insufficient sanitization before using input in eval(), allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP on ...

8.8CVSS8.9AI score0.0063EPSS
CVE
CVE
added 2024/06/20 2:8 a.m.64 views

CVE-2024-3561

CVE-2024-3561 affects the Custom Field Suite WordPress plugin up to version 2.6.7. The vulnerability is an SQL Injection via the Term custom field caused by insufficient escaping and lack of proper parameterization. Exploitation requires auth at contributor level or higher, and allows injecting a...

8.8CVSS8.7AI score0.00509EPSS
CVE
CVE
added 2019/05/10 2:58 a.m.44 views

CVE-2019-11871

The CVE-2019-11871 entry concerns the WordPress plugin Custom Field Suite, affected in versions before 2.5.15. The vulnerability is an authenticated Cross-Site Scripting (XSS) flaw exploitable by editors or admins. The available connected documents confirm the affected component and scope but do ...

5.4CVSS5.3AI score0.00946EPSS
CVE
CVE
added 2023/05/18 9:55 a.m.42 views

CVE-2023-32515

CVE-2023-32515 affects WordPress Custom Field Suite plugin, vulnerable in versions

5.9CVSS5.2AI score0.00396EPSS
CVE
CVE
added 2024/05/09 8:3 p.m.31 views

CVE-2024-3068

CVE-2024-3068 : The WordPress plugin Custom Field Suite is vulnerable to Stored Cross-Site Scripting via the parameter cfs[fields][*][name] in all versions up to 2.6.5. The issue stems from insufficient input sanitization and output escaping, enabling an authenticated admin to inject scripts that...

4.8CVSS5.7AI score0.00557EPSS