WordPress Custom Field Template Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-38392

7.1HIGH

Key Information:

Vendor: WordPress
Status: Custom Field Template
Vendor: CVE Published:; 7 August 2023

What is CVE-2023-38392?

The Custom Field Template Plugin for WordPress, prior to version 2.5.9, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This flaw could allow unauthenticated attackers to execute arbitrary JavaScript code in the context of the user’s browser, potentially leading to data theft, session hijacking, or defacement of the website. It is critical for users to update to the latest version to mitigate this risk.

Affected Version(s)

Custom Field Template <= 2.5.9

References

https://patchstack.com/database/vulnerability/custom-fiel...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 7, 2023
Vulnerability Reserved
Jul 17, 2023

Credit

Phd (Patchstack Alliance)

CVE-2023-38392 Data

JSON