VYPR

Custom Field Suite

by WordPress

CVEs (6)

  • CVE-2024-3558MedJun 20, 2024
    risk 0.42cvss 6.4epss 0.00

    The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-3559MedJun 12, 2024
    risk 0.42cvss 6.4epss 0.00

    The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-3068MedMay 14, 2024
    risk 0.29cvss 4.4epss 0.01

    The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2024-0689MedFeb 29, 2024
    risk 0.29cvss 4.4epss 0.00

    The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated…

  • CVE-2023-32515May 18, 2023
    risk 0.00cvss epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.

  • CVE-2019-11871May 10, 2019
    risk 0.00cvss epss 0.01

    The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.