VYPR

Just Custom Fields

by WordPress

Source repositories

CVEs (3)

  • CVE-2023-46203MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2.

  • CVE-2024-6168MedJul 9, 2024
    risk 0.28cvss 4.3epss 0.00

    The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated attackers to invoke this…

  • CVE-2024-6167MedJul 9, 2024
    risk 0.28cvss 4.3epss 0.00

    The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level…