Vulnerabilities and security researches fordisplay-a-meta-field-as-block display-a-meta-field-as-block

Aug 20, 2024

CVE, Research URL: CVE-2024-43278
Home page URL: Security reports for Meta Field Block
Application: Meta Field Block
Date: Aug 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Phi Phan Meta Field Block allows Stored XSS.This issue affects Meta Field Block: from n/a through 1.2.13.
Affected versions: max 1.2.14.
Status: vulnerable

May 03, 2026

CVE, Research URL: CVE-2024-13362
Home page URL: Security reports for Meta Field Block
Application: Meta Field Block
Date: May 01, 2026
Research Description: Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 1.0.
Status: vulnerable

May 16, 2026

CVE, Research URL: CVE-2026-6252
Home page URL: Security reports for Meta Field Block
Application: Meta Field Block
Date: May 14, 2026
Research Description: The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagName' block attribute in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.5.3.
Status: vulnerable