VYPR

Custom Field Template

by WordPress

Source repositories

CVEs (9)

  • CVE-2022-4324HigJan 2, 2023
    risk 0.48cvss 7.2epss 0.18

    The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is…

  • CVE-2023-38392HigAug 7, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.

  • CVE-2025-68607MedDec 29, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through <= 2.7.7.

  • CVE-2024-44062MedSep 15, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5.

  • CVE-2023-6745MedJun 11, 2024
    risk 0.42cvss 6.4epss 0.00

    The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible…

  • CVE-2024-25919MedMar 15, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.

  • CVE-2024-0653MedJun 11, 2024
    risk 0.29cvss 4.4epss 0.00

    The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2023-22695MedJul 10, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.

  • CVE-2020-36742MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.00

    The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to…