Vulnerabilities > Metabox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6526 | Cross-site Scripting vulnerability in Metabox Meta BOX The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. | 5.4 |
| 2019-08-09 | CVE-2019-14794 | Data Processing Errors vulnerability in Metabox Meta BOX The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | 7.5 |
| 2019-08-09 | CVE-2019-14793 | Missing Authorization vulnerability in Metabox Meta BOX The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. | 6.5 |