VYPR

Custom Post Types

by WordPress

CVEs (2)

  • CVE-2023-6993MedApr 9, 2024
    risk 0.42cvss 6.4epss 0.00

    The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-10143May 15, 2025
    risk 0.00cvss epss 0.00

    The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…