Headline
CVE-2023-1661: Display post meta, term meta, comment meta, and user meta
The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Description
This plugin has been closed as of May 30, 2023 and is not available for download. This closure is temporary, pending a full review.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Display post meta, term meta, comment meta, and user meta” is open source software. The following people have contributed to this plugin.
Contributors
- Manuel Canga
“Display post meta, term meta, comment meta, and user meta” has been translated into 4 locales. Thank you to the translators for their contributions.
Translate “Display post meta, term meta, comment meta, and user meta” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.