Cross-Site Scripting in Custom Field Suite for WordPress

CVE-2019-11871

What is CVE-2019-11871?

The Custom Field Suite plugin for WordPress, prior to version 2.5.15, is susceptible to a Cross-Site Scripting (XSS) vulnerability affecting users with editor or admin roles. This flaw allows attackers to inject malicious scripts, potentially leading to unauthorized data access or control over user sessions. Website administrators are urged to update to the latest version to mitigate the risk and enhance the security of their WordPress sites.

References