Custom%20post%20types%2C%20Custom%20Fields%20%26%20more

Custom post types, Custom Fields & more

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2023-6993

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.18% / 39.81%

7 Day CHG~0.00%

Published-09 Apr, 2024 | 18:58

Updated-02 Aug, 2024 | 08:50

The Custom post types, Custom Fields & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and custom post meta in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping on user supplied post meta values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-totalpressorg

Product-Custom post types, Custom Fields & more

CVE-2023-32116

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-5.9||MEDIUM

EPSS-0.06% / 18.09%

7 Day CHG~0.00%

Published-26 Oct, 2023 | 12:15

Updated-06 Sep, 2024 | 18:44

WordPress Custom post types Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.

Vendor-totalpress TotalPress.org

Product-custom_post_types Custom post types, Custom Fields & more

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')