Stored Cross-Site Scripting Vulnerability in Display Custom Fields Plugin for WordPress
CVE-2023-6982
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 February 2024
What is CVE-2023-6982?
The Display Custom Fields in the frontend – Post and User Profile Fields plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping on user-supplied attributes. This vulnerability allows authenticated attackers with contributor-level and higher permissions to insert malicious web scripts into pages, which will execute for any user visiting the compromised page. This poses a significant risk as it can lead to data manipulation, unauthorized access, and other malicious activities.
Affected Version(s)
Display custom fields in the frontend – Post and User Profile Fields * <= 1.2.1