Skip to main content

Meta Box

4 CVEs product

Monthly

CVE-2024-1204 MEDIUM POC This Month

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Meta Box
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6526 MEDIUM PATCH This Month

The Meta Box - WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Meta Box
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2019-14794 HIGH This Week

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Meta Box
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2019-14793 MEDIUM POC This Month

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Meta Box
NVD
CVSS 3.0
6.5
EPSS
1.0%
EPSS 1% CVSS 4.3
MEDIUM POC This Month

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Meta Box
NVD WPScan
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The Meta Box - WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Meta Box
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Meta Box
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy