Custom Field Template Security Vulnerabilities and Issues — Custom Field Template CVE List

Lucene search

WpgogoCustom Field Template

4 matches found

CVE•added 2023/08/07 1:15 p.m.•45 views

CVE-2023-38392

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin

7.1CVSS6AI score0.00083EPSS

CVE•added 2023/01/02 10:15 p.m.•38 views

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog.

7.2CVSS7AI score0.13268EPSS

CVE•added 2023/07/10 4:15 p.m.•38 views

CVE-2023-22695

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin

8.8CVSS6.5AI score0.0007EPSS

CVE•added 2023/07/01 5:15 a.m.•14 views

CVE-2020-36742

The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values ...

4.3CVSS4.2AI score0.00137EPSS