Wpgogo Custom Field Template — known CVE vulnerabilities
Every CVE whose affected-product data names Wpgogo Custom Field Template, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2022-4324 — CVSS 7.2 (high): The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object…
CVE-2024-44062 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field…
CVE-2023-6745 — CVSS 6.4 (medium): The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all…
CVE-2024-0627 — CVSS 6.4 (medium): The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in…
CVE-2024-0653 — CVSS 4.4 (medium): The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and…
CVE-2023-6748 — CVSS 4.3 (medium): The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1…
CVE-2023-22695 — CVSS 4.3 (medium): Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.
CVE-2020-36742 — CVSS 4.3 (medium): The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is…