Published on: Not Yet Published
Last Modified on: 01/24/2023 07:47:00 PM UTC
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
- CVE-2022-4442 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Unknown - Custom Post Types and Custom Fields creator version = 0
CVSS3 Score: 4.8 - MEDIUM
|Just a moment...|| wpscan.com |
Inactive LinkNot Archived
Known Affected Configurations (CPE V2.3)
|Application||Cozmoslabs||Custom Post Types And Custom Fields Creator||All||All||All||All|