Vulnerabilities > Custom Field Suite Project > Custom Field Suite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-20 | CVE-2024-3558 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-06-12 | CVE-2024-3559 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-05-14 | CVE-2024-3068 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. | 4.8 |
| 2024-02-29 | CVE-2024-0689 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. | 4.8 |
| 2023-05-18 | CVE-2023-32515 | Unspecified vulnerability in Custom Field Suite Project Custom Field Suite Auth. | 4.8 |
| 2019-05-10 | CVE-2019-11871 | Cross-site Scripting vulnerability in Custom Field Suite Project Custom Field Suite The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins. | 5.4 |