CVE-2017-18610

Name of the Vulnerable Software and Affected Versions magic-fields plugin versions prior to 1.7.2

Description The issue concerns a Cross-Site Scripting (XSS) vulnerability. It affects the magic-fields plugin for WordPress, specifically through the custom-group-id parameter in the RCCWP CreateCustomFieldPage.php file.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RCCWP CreateCustomFieldPage.php file or avoiding the use of the custom-group-id parameter until the update is applied.