Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2015-9302
The simple-fields plugin prior to 1.4.11 for WordPress has XSS.
Simple Fields Project Simple Fields
8.8
CVSSv3
CVE-2013-7476
The simple-fields plugin prior to 1.2 for WordPress has CSRF in the admin interface.
Simple Fields Project Simple Fields
7.2
CVSSv3
CVE-2023-0277
The WC Fields Factory WordPress plugin up to and including 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Wc Fields Factory Project Wc Fields Factory
9.8
CVSSv3
CVE-2022-4117
The IWS WordPress plugin up to and including 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
Iws-geo-form-fields Project Iws-geo-form-fields
8.8
CVSSv3
CVE-2023-6996
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on ...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
5.4
CVSSv3
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
4.3
CVSSv3
CVE-2023-6983
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. ...
Josevega Display Custom Fields In The Frontend - Post And User Profile Fields
6.5
CVSSv3
CVE-2023-28855
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Vers...
Teclib-edition Fields
6.1
CVSSv3
CVE-2017-18609
The magic-fields plugin prior to 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.
Magicfields Magic Fields
6.1
CVSSv3
CVE-2017-18611
The magic-fields plugin prior to 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.
Magicfields Magic Fields
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »