WordPress Smart Custom Fields plugin <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Broken Access Control
Score:
4.3
Fixed in Version 5.0.7

Timeline

Publicly Published
2026-03-24
Created
2026-03-24

WordPress Smart Custom FIelds plugin <= 5.0.0 - Cross Site Scripting (XSS) vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 5.0.1

Timeline

Publicly Published
2025-01-06
Created
2025-01-06