CVE-2025-46502

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bas Matthee LSD Custom taxonomy and category meta custom-taxonomy-category-and-term-fields allows Cross Site Request Forgery.This issue affects LSD Custom taxonomy and category meta: from n/a through <= 1.3.2.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Bas Matthee / LSD Custom taxonomy and category meta0 – 1.3.2

References

MISChttps://patchstack.com/database/Wordpress/Plugin/custom-taxonomy-category-and-term-fields/vulnerability/wordpress-lsd-custom-taxonomy-and-category-meta-plugin-1-3-2-csrf-to-xss-vulnerability?_s_id=cve