Lucene search
WpvulndbWPVDB-ID:BA880FF0-227A-471D-843E-8425769747CCHistoryAug 07, 2023 - 12:00 a.m.
Custom Field Template < 2.6 - Reflected Cross-Site Scripting
2023-08-0700:00:00
wpscan.com
1
plugin security
post_type parameter
xss
high privilege user
Description The plugin does not sanitise and escape the post_type parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
| CPE | Name | Operator | Version |
|---|---|---|---|
| custom-field-template | eq | 2.6 |
Related
cve
cve
CVE-2023-38392
2023-08-07 13:15:11
nvd
nvd
CVE-2023-38392
2023-08-07 13:15:11
prion
prion
Cross site scripting
2023-08-07 13:15:00
cvelist
cvelist
wordfence
wordfence
6.2 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Related for WPVDB-ID:BA880FF0-227A-471D-843E-8425769747CC