Analyzed
1 day
ago.
based on code collected
1 day
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2017-18611 | Medium | Sep 10, 2019 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. |
1.7.1, 1.7, 1.5.5, 1.5.2, 1.5.1, 1.5, 1.4.5, 1.4.1, 1.4, 1.3.2
|
|
| CVE-2017-18610 | Medium | Sep 10, 2019 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. |
1.7.1, 1.7, 1.5.5, 1.5.2, 1.5.1, 1.5, 1.4.5, 1.4.1, 1.4, 1.3.2
|
|
| CVE-2017-18609 | Medium | Sep 10, 2019 | The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. |
1.7.1, 1.7, 1.5.5, 1.5.2, 1.5.1, 1.5, 1.4.5, 1.4.1, 1.4, 1.3.2
|
|
| BDSA-2017-1625 | High | Oct 11, 2017 | Magic Fields 1 plugin for WordPress is vulnerable to reflected cross-site scripting (XSS) due to insufficient sanitization of user-supplied input and a more... | ||
| BDSA-2016-0506 | High | Oct 24, 2017 | Lack of a Cross Site Request Forgery (*CSRF*) token on the request of adding a magic field and lack of output encoding on the `description` field in th more... |
