Fixed possible placement rules XSS

cfs.php

@@ -2,7 +2,7 @@
 /*
 Plugin Name: Custom Field Suite
 Description: Visually add custom fields to your WordPress edit pages.
-Version: 2.6.2.1
+Version: 2.6.3
 Author: Matt Gibbs
 Text Domain: cfs
 Domain Path: /languages/
@@ -21,7 +21,7 @@ class Custom_Field_Suite
     function __construct() {
 
         // setup variables
-        define( 'CFS_VERSION', '2.6.2.1' );
+        define( 'CFS_VERSION', '2.6.3' );
         define( 'CFS_DIR', dirname( __FILE__ ) );
         define( 'CFS_URL', plugins_url( '', __FILE__ ) );
 

includes/init.php

@@ -320,7 +320,7 @@ function cfs_column_content( $column_name, $post_id ) {
                     $values = $temp;
                 }
 
-                echo "<div><strong>$label</strong> " . $operator . ' ' . implode( ', ', $values ) . '</div>';
+                echo "<div><strong>$label</strong> " . $operator . ' ' . esc_html( implode( ', ', $values ) ) . '</div>';
             }
         }
     }

readme.txt

@@ -2,7 +2,7 @@
 Contributors: mgibbs189
 Tags: custom fields, fields, postmeta, relationship, repeater, file upload
 Requires at least: 5.0
-Tested up to: 6.0.1
+Tested up to: 6.2
 Stable tag: trunk
 License: GPLv2
 
@@ -46,6 +46,9 @@ Custom Field Suite (CFS) lets you add custom fields to your posts. It's lightwei
 
 == Changelog ==
 
+= 2.6.3 =
+* Fixed: possible placement rules XSS (props Patchstack)
+
 = 2.6.2.1 =
 * Confirmed 6.0.1 compatibility