CVE-2025-14675
- EPSS 0.68%
- Veröffentlicht 07.03.2026 07:22:02
- Zuletzt bearbeitet 07.03.2026 08:16:05
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, w...
CVE-2024-43235
- EPSS 0.26%
- Veröffentlicht 01.11.2024 15:15:43
- Zuletzt bearbeitet 01.11.2024 20:24:53
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5...
CVE-2024-1204
- EPSS 0.27%
- Veröffentlicht 15.04.2024 05:15:14
- Zuletzt bearbeitet 15.05.2025 13:40:27
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts.
CVE-2023-6526
- EPSS 0.18%
- Veröffentlicht 05.02.2024 22:15:55
- Zuletzt bearbeitet 21.11.2024 08:44:01
The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient in...
CVE-2019-14794
- EPSS 0.46%
- Veröffentlicht 09.08.2019 14:15:11
- Zuletzt bearbeitet 21.11.2024 04:27:22
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
CVE-2019-14793
- EPSS 0.16%
- Veröffentlicht 09.08.2019 13:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:21
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.