VYPR

Add Custom Fields to Media

by WordPress

Source repositories

CVEs (1)

  • CVE-2026-4068MedMar 19, 2026
    risk 0.28cvss 4.3epss 0.00

    The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is due to missing nonce validation on the field deletion functionality in the admin display template. The plugin properly validates a…