Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitScott Kingsley ClarkWPEX-ID:ECB1E36F-9C6E-4754-8878-03C97194644D
HistoryMar 04, 2024 - 12:00 a.m.

Schema Pro < 2.7.16 - Contributor+ Custom Field Access

2024-03-0400:00:00
Scott Kingsley Clark
47
schema pro
contributor
custom field access
post meta key

AI Score

9.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Description The plugin does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode

As a contributor, add/edit a post and embed `[aiosrs_pro_custom_field post_id="ANY_POST_ID" field_key="ANY_META_KEY"]` and specify/guess any post ID and meta key you may want to access

Save the post and preview it to disclose the post meta key value

Related

cvelist 1
nvd 1
vulnrichment 1
wpvulndb 1
cve 1
wordfence 1
cvelist
cvelist
CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access
2024-03-25 05:00:01
nvd
nvd
CVE-2024-1564
2024-03-25 05:15:50
vulnrichment
vulnrichment
CVE-2024-1564 Schema Pro < 2.7.16 - Contributor+ Custom Field Access
2024-03-25 05:00:01
wpvulndb
wpvulndb
Schema Pro < 2.7.16 - Contributor+ Custom Field Access
2024-03-04 00:00:00
cve
cve
CVE-2024-1564
2024-03-25 05:15:50
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 4, 2024 to March 10, 2024)
2024-03-14 14:43:23

AI Score

9.5

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for WPEX-ID:ECB1E36F-9C6E-4754-8878-03C97194644D
cvelist1nvd1vulnrichment1wpvulndb1cve1wordfence1