Vulnerabilities > GET Custom Field Values Project > GET Custom Field Values > 3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-18	CVE-2023-45604	Cross-site Scripting vulnerability in GET Custom Field Values Project GET Custom Field Values Auth. network low complexity get-custom-field-values-project CWE-79	4.8
2021-12-13	CVE-2021-24871	Cross-site Scripting vulnerability in GET Custom Field Values Project GET Custom Field Values The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks network get-custom-field-values-project CWE-79	3.5
2021-12-13	CVE-2021-24872	Incorrect Authorization vulnerability in GET Custom Field Values Project GET Custom Field Values The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. network low complexity get-custom-field-values-project CWE-863	4.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.