Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High0
Medium3
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2024-10-29

CVE-2024-9590 - Wp Custom Taxonomy Meta Plugin

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image meta field value in the 'wpaft_add_meta_textinput' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Wp Custom Taxonomy Meta

CVE-2024-9590

MEDIUM CVSS 5.5 2024-10-22
Open Full Technical Breakdown
Threat Entry Updated 2024-10-29

CVE-2024-9589 - Wp Custom Taxonomy Meta Plugin

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'new_meta_name' parameter in the 'wpaft_option_page' function in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Wp Custom Taxonomy Meta

CVE-2024-9589

MEDIUM CVSS 5.5 2024-10-22
Open Full Technical Breakdown
Threat Entry Updated 2024-10-25

CVE-2024-9588 - Wp Custom Taxonomy Meta Plugin

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Custom Taxonomy Meta

CVE-2024-9588

MEDIUM CVSS 5.4 2024-10-22
Open Full Technical Breakdown
Scroll to top