CVE-2017-18611

Name of the Vulnerable Software and Affected Versions magic-fields plugin versions prior to 1.7.2

Description The issue concerns a cross-site scripting (XSS) flaw. It is located in the RCCWP CreateCustomFieldPage.php file and is related to the custom-field-css parameter. This parameter is vulnerable to XSS attacks.

Recommendations For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the RCCWP CreateCustomFieldPage.php file or avoiding the use of the custom-field-css parameter until the update is applied.