Lucene search
+L
WpgogoCustom Field Template

9 matches found

CVE
CVE
added 2023/01/02 9:49 p.m.67 views

CVE-2022-4324

The vulnerability CVE-2022-4324 affects the WordPress plugin Custom Field Template prior to version 2.5.8 . The issue arises from unserialising the content of an imported file, which can enable PHP object injection when a high-privilege user imports a malicious Customizer Styling file and a suita...

7.2CVSS7AI score0.17686EPSS
CVE
CVE
added 2024/06/11 2:1 a.m.62 views

CVE-2024-0653

CVE-2024-0653 concerns the WordPress plugin Custom Field Template . The vulnerability is a Stored Cross‑Site Scripting (XSS) in admin settings due to insufficient input sanitization and output escaping, affecting all versions up to and including 2.6.1. It enables an attacker with at least adminis...

4.8CVSS4.6AI score0.00247EPSS
CVE
CVE
added 2024/06/11 2:1 a.m.60 views

CVE-2023-6745

CVE-2023-6745 concerns the WordPress plugin Custom Field Template . The vulnerability is a Stored Cross-Site Scripting (XSS) via the plugin’s cpt shortcode in all versions up to 2.6.1, caused by insufficient input sanitization and output escaping on user-supplied post meta. Exploitation requires ...

6.4CVSS5.9AI score0.00257EPSS
CVE
CVE
added 2023/08/07 12:45 p.m.59 views

CVE-2023-38392

CVE-2023-38392 : Unauthenticated Reflected Cross-Site Scripting in WordPress plugin Custom Field Template by Hiroaki Miyashita, affected versions ≤ 2.5.9. Root cause: reflected XSS vulnerability. Impact: potential client-side script execution for unauthenticated attackers. Mitigation: update to v...

7.1CVSS6AI score0.00354EPSS
CVE
CVE
added 2024/06/11 2:1 a.m.56 views

CVE-2023-6748

The CVE-2023-6748 entry concerns the WordPress plugin Custom Field Template. Affected versions are ≤ 2.6.1, with vulnerability enabling Sensitive Information Exposure via the cft shortcode, allowing authenticated attackers with Contributor+ privileges to extract sensitive data including arbitrary...

4.3CVSS4.8AI score0.0029EPSS
CVE
CVE
added 2024/06/11 2:1 a.m.55 views

CVE-2024-0627

The CVE-2024-0627 entry concerns the WordPress plugin Custom Field Template (versions

6.4CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2023/07/10 12:38 p.m.54 views

CVE-2023-22695

CVE-2023-22695 is a CSRF vulnerability in the Hiroaki Miyashita Custom Field Template WordPress plugin, affecting versions

8.8CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2024/09/15 7:58 a.m.50 views

CVE-2024-44062

The CVE-2024-44062 entry refers to the WordPress Plugin Custom Field Template (versions

6.5CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2023/07/01 4:26 a.m.25 views

CVE-2020-36742

CVE-2020-36742 relates to the WordPress Custom Field Template plugin. A CSRF vulnerability exists in versions up to 2.5.1 due to missing or incorrect nonce validation on the edit_meta_value() function, enabling unauthenticated attackers to edit meta field values via forged requests if they can tr...

4.3CVSS4.2AI score0.00388EPSS