Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-9302
The simple-fields plugin prior to 1.4.11 for WordPress has XSS.
Simple Fields Project Simple Fields
6.8
CVSSv2
CVE-2013-7476
The simple-fields plugin prior to 1.2 for WordPress has CSRF in the admin interface.
Simple Fields Project Simple Fields
NA
CVE-2023-0277
The WC Fields Factory WordPress plugin up to and including 4.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Wc Fields Factory Project Wc Fields Factory
NA
CVE-2022-4117
The IWS WordPress plugin up to and including 1.0 does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.
Iws-geo-form-fields Project Iws-geo-form-fields
NA
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
NA
CVE-2023-6983
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.1 via the vg_display_data shortcode due to missing validation on a user controlled key. ...
Josevega Display Custom Fields In The Frontend - Post And User Profile Fields
NA
CVE-2023-6996
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on ...
Vegacorp Display Custom Fields In The Frontend - Post And User Profile Fields
NA
CVE-2023-28855
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Vers...
Teclib-edition Fields
4.3
CVSSv2
CVE-2017-18611
The magic-fields plugin prior to 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.
Magicfields Magic Fields
4.3
CVSSv2
CVE-2017-18609
The magic-fields plugin prior to 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.
Magicfields Magic Fields
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »