cleantalk
Vulnerabilities and Security Researches

MB Custom Post Types & Custom Taxonomies, CVE-2024-10143

CVE, Research URL

CVE-2024-10143

Home page URL

Security reports for MB Custom Post Types & Custom Taxonomies

Application

MB Custom Post Types & Custom Taxonomies

Published on
May 16, 2025
Research Description
The MB Custom Post Types & Custom Taxonomies WordPress plugin before 2.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 2.7.7.
Status
vulnerable
Previous vulnerability researches
SB Chart block (CVE-2025-3661) , Apr 20, 2025
New vulnerability
HD Quiz (CVE-2024-13383) , May 17, 2025
AffiliateImporterEb (CVE-2024-12733) , May 17, 2025
AffiliateImporterEb (CVE-2024-12732) , May 17, 2025
Broadstreet (CVE-2025-48113) , May 17, 2025
Prisna GWT – Google Website Translator (CVE-2024-12679) , May 17, 2025