CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25169 – WordPress Authors Autocomplete Meta Box plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-25169
02 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Authors Autocomplete Meta Box allows Reflected XSS. This issue affects Authors Autocomplete Meta Box: from n/a through 1.2. The Authors Autocomplete Meta Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary... • https://patchstack.com/database/wordpress/plugin/authors-autocomplete-meta-box/vulnerability/wordpress-authors-autocomplete-meta-box-plugin-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43235 – WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43235
09 Aug 2024 — Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10. The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the query function called via 'ajax_get_posts' in versions up to, and including, 5.9.10. This makes it ... • https://patchstack.com/database/vulnerability/meta-box/wordpress-meta-box-plugin-5-9-10-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •