Wpgogo Custom_field_template
9 CVEs affecting Wpgogo Custom_field_template. Latest disclosed: 2024-09-15. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-4324 | High | 7.2 | 2023-01-02 | The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a h… |
CVE-2023-38392 | High | 7.1 | 2023-08-07 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions. |
CVE-2024-44062 | Medium | 6.5 | 2024-09-15 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Sto… |
CVE-2024-0627 | Medium | 6.4 | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, an… |
CVE-2023-6745 | Medium | 6.4 | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and includi… |
CVE-2024-0653 | Medium | 4.4 | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due… |
CVE-2023-6748 | Medium | 4.3 | 2024-06-11 | The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortc… |
CVE-2023-22695 | Medium | 4.3 | 2023-07-10 | Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. |
CVE-2020-36742 | Medium | 4.3 | 2023-07-01 | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or i… |