Custom Field Template Security Vulnerabilities and Issues — Custom Field Template CVE List

Lucene search

WpgogoCustom Field Template

3 matches found

CVE•added 2024/06/11 3:15 a.m.•43 views

CVE-2024-0653

The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permiss...

4.8CVSS4.6AI score0.00199EPSS

CVE•added 2024/06/11 3:15 a.m.•42 views

CVE-2023-6748

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary pos...

4.3CVSS4.8AI score0.00383EPSS

CVE•added 2023/07/01 5:15 a.m.•14 views

CVE-2020-36742

The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values ...

4.3CVSS4.2AI score0.00137EPSS