Custom Field Suite Project Custom Field Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Custom Field Suite Project Custom Field Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-3561 — CVSS 8.8 (high): The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and…
CVE-2024-3562 — CVSS 8.8 (high): The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop…
CVE-2024-3558 — CVSS 6.4 (medium): The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions…
CVE-2024-3559 — CVSS 6.4 (medium): The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_content]' parameter versions…
CVE-2023-32515 — CVSS 5.9 (medium): Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.
CVE-2024-0689 — CVSS 4.4 (medium): The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and…
CVE-2024-3068 — CVSS 4.4 (medium): The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cfs[fields][*][name]' parameter in all…