CVE-2023-6526

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 5, 2024

Updated: Feb 12, 2024

CWE ID 79

Summary

CVE-2023-6526 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Meta Box – WordPress Custom Fields Framework plugin. This issue, present in all versions up to 5.9.2, allows authenticated attackers with contributor-level access or higher to inject malicious scripts. The vulnerability stems from insufficient input sanitization and output escaping in handling custom post meta values displayed via the plugin's shortcode. As a result, any user who accesses an injected page will unwittingly execute the attacker's scripts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Metabox

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tsgDpc
https://www.cve.org/CVERecord?id=CVE-2023-6526
https://nvd.nist.gov/vuln/detail/CVE-2023-6526

Back to Vulnerability Database

CVE-2023-6526

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations