Cross-Site Scripting in Custom Field Suite for WordPress
CVE-2019-11871

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Custom Field Suite
Vendor: CVE Published:; 10 May 2019

Summary

The Custom Field Suite plugin for WordPress, prior to version 2.5.15, is susceptible to a Cross-Site Scripting (XSS) vulnerability affecting users with editor or admin roles. This flaw allows attackers to inject malicious scripts, potentially leading to unauthorized data access or control over user sessions. Website administrators are urged to update to the latest version to mitigate the risk and enhance the security of their WordPress sites.