Custom_field_suite_project Custom_field_suite

8 CVEs affecting Custom_field_suite_project Custom_field_suite. Latest disclosed: 2024-06-20. Critical: 0, High: 2.

Top CVEs affecting Custom_field_suite_project Custom_field_suite
CVESeverityScorePublishedSummary
CVE-2024-3562High8.82024-06-20The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is…
CVE-2024-3561High8.82024-06-20The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to i…
CVE-2024-3558Medium6.42024-06-20The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including…
CVE-2024-3559Medium6.42024-06-12The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and includin…
CVE-2023-32515Medium5.92023-05-18Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.
CVE-2019-11871Medium5.42019-05-10The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.
CVE-2024-3068Medium4.42024-05-14The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and in…
CVE-2024-0689Medium4.42024-02-29The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to i…