| CVE-2024-31267 | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability | WP Desk | Flexible Checkout Fields for WooCommerce | Medium | 4.3 | 2024-06-09 11:14:37 | Deep Dive |
| CVE-2023-26523 | WordPress Calculated Fields Form plugin <= 1.1.120 - Missing Authorization Leading To Feedback Submission Vulnerability | CodePeople | Calculated Fields Form | Medium | 4.3 | 2024-06-03 21:42:10 | Deep Dive |
| CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability | FmeAddons | Conditional Checkout Fields for WooCommerce | Medium | 5.3 | 2024-05-17 06:27:26 | Deep Dive |
| CVE-2024-3956 | Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL | sc0ttkclark | Pods – Custom Content Types and Fields | Medium | 5.4 | 2024-05-10 08:32:34 | Deep Dive |
| CVE-2024-0613 | Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion | gluten | Delete Custom Fields | Medium | 6.1 | 2024-05-02 16:52:34 | Deep Dive |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability | ThemeLocation | Custom WooCommerce Checkout Fields Editor | Medium | 4.3 | 2024-05-02 11:24:42 | Deep Dive |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2024-04-26 08:29:20 | Deep Dive |
| CVE-2024-31431 | WordPress Product Input Fields for WooCommerce plugin <= 1.7.0 - Cross Site Request Forgery (CSRF) vulnerability | Tyche Softwares | Product Input Fields for WooCommerce | Medium | 4.3 | 2024-04-15 09:31:56 | Deep Dive |
| CVE-2023-6999 | Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution | sc0ttkclark | Pods – Custom Content Types and Fields | High | 8.8 | 2024-04-09 18:59:26 | Deep Dive |
| CVE-2023-6965 | Pods - Custom Content Types and Fields - Missing Authorization | sc0ttkclark | Pods – Custom Content Types and Fields | Medium | 4.3 | 2024-04-09 18:59:21 | Deep Dive |
| CVE-2023-6993 | Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | totalpressorg | Custom post types, Custom Fields & more | Medium | 6.4 | 2024-04-09 18:58:40 | Deep Dive |
| CVE-2023-6967 | Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode | sc0ttkclark | Pods – Custom Content Types and Fields | High | 8.8 | 2024-04-09 18:58:35 | Deep Dive |
| CVE-2024-31094 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability | Filter Custom Fields & Taxonomies Light | Filter Custom Fields & Taxonomies Light | - | - | 2024-03-31 18:03:50 | Deep Dive |
| CVE-2024-30518 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability | ThemeLocation | Custom WooCommerce Checkout Fields Editor | Medium | 4.3 | 2024-03-29 15:54:43 | Deep Dive |
| CVE-2024-29759 | WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability | CodePeople | Calculated Fields Form | High | 7.1 | 2024-03-27 13:17:52 | Deep Dive |
| CVE-2024-1697 | Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | themelocation | Custom WooCommerce Checkout Fields Editor | Medium | 6.4 | 2024-03-23 01:57:40 | Deep Dive |
| CVE-2024-1995 | Smart Custom Fields <= 4.2.2 - Missing Authorization to Authenticated (Subscriber+) Post Content Disclosure | inc2734 | Smart Custom Fields | Medium | 4.3 | 2024-03-20 01:58:05 | Deep Dive |
| CVE-2024-0829 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:15 | Deep Dive |
| CVE-2023-6809 | Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode | gonahkar | Custom fields shortcode | Medium | 6.4 | 2024-03-13 15:27:07 | Deep Dive |
| CVE-2024-0830 | Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery | nmedia | Comments Extra Fields For Post,Pages and CPT | Medium | 4.3 | 2024-03-13 15:27:05 | Deep Dive |