Custom_field_suite_project Custom_field_suite
8 CVEs affecting Custom_field_suite_project Custom_field_suite. Latest disclosed: 2024-06-20. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3562 | High | 8.8 | 2024-06-20 | The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is… |
CVE-2024-3561 | High | 8.8 | 2024-06-20 | The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to i… |
CVE-2024-3558 | Medium | 6.4 | 2024-06-20 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including… |
CVE-2024-3559 | Medium | 6.4 | 2024-06-12 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and includin… |
CVE-2023-32515 | Medium | 5.9 | 2023-05-18 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions. |
CVE-2019-11871 | Medium | 5.4 | 2019-05-10 | The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. |
CVE-2024-3068 | Medium | 4.4 | 2024-05-14 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and in… |
CVE-2024-0689 | Medium | 4.4 | 2024-02-29 | The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to i… |