3 matches found
CVE-2024-8364
Affected software : WP Custom Fields Search plugin for WordPress (versions up to and including 1.2.35). Vulnerability : Stored Cross-Site Scripting via the wpcfs-preset shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact : Authenticated attacke...
CVE-2022-47157
CVE-2022-47157 concerns the WordPress plugin WP Custom Fields Search (Don Benjamin) up to version 1.2.34. The vulnerability is a stored XSS caused by insufficient sanitization/escaping in plugin settings, exploitable by users with admin privileges (administrator+). Impact is stored script injecti...
CVE-2017-9419
CVE-2017-9419 affects the Webhammer WP Custom Fields Search plugin for WordPress (version 0.3.28). The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. The issue arises from insufficient input handling in th...