8 matches found
CVE-2024-0689
CVE-2024-0689 involves the Custom Field Suite plugin for WordPress, where a Stored XSS exists in meta imports for all versions up to 2.6.4 due to insufficient input sanitization and output escaping. Affected: WordPress multisite installations and sites with unfiltered_html disabled. Impact: authe...
CVE-2024-3558
CVE-2024-3558 affects the WordPress plugin Custom Field Suite . The vulnerability is a Stored Cross-Site Scripting in the parameter cfs[post_title] for versions up to 2.6.7 , caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor+ ...
CVE-2024-3559
CVE-2024-3559 describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin Custom Field Suite up to version 2.6.7, due to insufficient input sanitization and output escaping on the cfs[post_content] parameter. Exploitation requires authenticated access at contributor level or higher, and...
CVE-2024-3562
CVE-2024-3562 : The WordPress plugin Custom Field Suite is vulnerable to PHP Code Injection via the Loop custom field. The issue stems from insufficient sanitization before using input in eval(), allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP on ...
CVE-2024-3561
CVE-2024-3561 affects the Custom Field Suite WordPress plugin up to version 2.6.7. The vulnerability is an SQL Injection via the Term custom field caused by insufficient escaping and lack of proper parameterization. Exploitation requires auth at contributor level or higher, and allows injecting a...
CVE-2019-11871
The CVE-2019-11871 entry concerns the WordPress plugin Custom Field Suite, affected in versions before 2.5.15. The vulnerability is an authenticated Cross-Site Scripting (XSS) flaw exploitable by editors or admins. The available connected documents confirm the affected component and scope but do ...
CVE-2023-32515
CVE-2023-32515 affects WordPress Custom Field Suite plugin, vulnerable in versions
CVE-2024-3068
CVE-2024-3068 : The WordPress plugin Custom Field Suite is vulnerable to Stored Cross-Site Scripting via the parameter cfs[fields][*][name] in all versions up to 2.6.5. The issue stems from insufficient input sanitization and output escaping, enabling an authenticated admin to inject scripts that...