CVE-2019-11871
The Custom Field Suite plugin before 2.5.15 for WordPress has XSS for editors or admins.
Date published : 2019-05-09
https://blog.reddy.io/2019/05/30/xss-injection-vulnerability-in-custom-field-suite-wordpress-plugin/
https://wordpress.org/plugins/custom-field-suite/#developers