Abstract Cross-site scripting (XSS) vulnerability (CVE-2019-11871) in the Matt Gibbs plugin Custom Field Suite, versions before 2.5.1.4, allows attackers to inject arbitrary web script or HTML via the field name parameter. Vulnerability Description Matt Gibbs plugin Custom Field Suite is vulnerable to Cross-site scripting (XSS)…