WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Meta Box safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Meta Box WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: meta-box
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Meta Box [meta-box] < 5.9.3 [CVE-2023-6526, Meta Box – WordPress Custom Fields Framework <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting, WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.2 is vulnerable to Cross Site Scripting (XSS), Meta Box &ndash; WordPress Custom Fields Framework &lt; 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting]
  • Meta Box [meta-box] < 5.9.4 [CVE-2024-1204, WordPress Meta Box – WordPress Custom Fields Framework Plugin < 5.9.4 is vulnerable to Broken Access Control, Meta Box &lt; 5.9.4 - Contributor+ Arbitrary Posts&#039; Custom Field Disclosure, Meta Box – WordPress Custom Fields Framework <= 5.9.3 - Authenticated (Contributor+) Information Exposure via Post Meta]
  • Meta Box [meta-box] < 5.9.11 [CVE-2024-43235, WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.10 is vulnerable to Broken Access Control, Meta Box – WordPress Custom Fields Framework <= 5.9.10 - Missing Authorization to Information Exposure]
  • Meta Box [meta-box] < 5.11.2 [CVE-2025-14675, Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion]
  • Meta Box [meta-box] < 5.11.2 [CVE-2026-39468, Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion, EUVD-2026-36933]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.