The Display Post Metadata WordPress plugin prior to 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
display post metadata project display post metadata |