Vulnerabilities > Vegacorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6982 | Cross-site Scripting vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-02-05 | CVE-2023-6996 | Code Injection vulnerability in Vegacorp Display Custom Fields in the Frontend - Post and User Profile Fields The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. | 8.8 |