CVE-2017-9419

MEDIUM

Webhammer WP Custom Fields Search <0.3.28 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.

References (1)

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/8848

Scores

CVSS v3 6.1

EPSS 0.0019

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

webhammer/wp_custom_fields_search

n/a/n/a

Published Jun 15, 2017

Tracked Since Feb 18, 2026