CVSS 3.1 Score 4.4 of 10 (medium)


Published Feb 29, 2024


The Custom Field Suite plugin for WordPress, in all versions up to and including 2.6.4, is affected by CVE-2024-0689, a stored cross-site scripting vulnerability. Authenticated attackers with administrator-level permissions or higher can inject arbitrary web scripts into pages via a meta import, because the meta values are insufficiently sanitized on input and insufficiently escaped on output. The vulnerability only affects multi-site installations and installations where unfiltered_html has been disabled. An injected script executes whenever a user accesses an injected page, which puts the security and integrity of an organization's WordPress website at risk.
