Every CVE whose affected-product data names Metabox Meta Box, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-14794 — CVSS 7.5 (high): The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
CVE-2019-14793 — CVSS 6.5 (medium): The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file…
CVE-2023-6526 — CVSS 6.4 (medium): The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta…
CVE-2024-1204 — CVSS 4.3 (medium): The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields…