Vulnerability Details CVE-2019-11871
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://blog.reddy.io/2019/05/30/xss-injection-vulnerability-in-custom-field-suite-wordpress-plugin/
- https://wordpress.org/plugins/custom-field-suite/#developers
- https://wpvulndb.com/vulnerabilities/9273
- https://blog.reddy.io/2019/05/30/xss-injection-vulnerability-in-custom-field-suite-wordpress-plugin/
- https://wordpress.org/plugins/custom-field-suite/#developers
- https://wpvulndb.com/vulnerabilities/9273
Products affected by CVE-2019-11871
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:-
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:2.5.10
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:2.5.11
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:2.5.12
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:2.5.13
-
cpe:2.3:a:custom_field_suite_project:custom_field_suite:2.5.14