Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbFrancesco CarlucciWPVDB-ID:EC23734A-5EA7-4E46-ABA9-3DEE4E6DFFB6
HistoryNov 09, 2021 - 12:00 a.m.

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access

2021-11-0900:00:00
Francesco Carlucci
wpscan.com
8
custom field access
plugin vulnerability
arbitrary post metadata

EPSS

0.001

Percentile

32.8%

JSON

The plugin allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.

PoC

[custom_field field=“{field_name}” post_id=“{ID}”] e.g [custom_field field=“_ctct_verify_key” post_id=“23”]

Related

cnvd 1
cvelist 1
osv 1
cve 1
patchstack 1
prion 1
wpexploit 1
nvd 1
cnvd
cnvd
WordPress Get Custom Field Values plugin access control error vulnerability
2021-12-18 00:00:00
cvelist
cvelist
CVE-2021-24872 Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
2021-12-13 10:41:16
osv
osv
CVE-2021-24872
2021-12-13 11:15:09
cve
cve
CVE-2021-24872
2021-12-13 11:15:09
patchstack
patchstack
WordPress Get Custom Field Values plugin <= 3.9.4 - Arbitrary Post Metadata Access vulnerability
2021-11-09 00:00:00
prion
prion
Design/Logic Flaw
2021-12-13 11:15:00
wpexploit
wpexploit
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
2021-11-09 00:00:00
nvd
nvd
CVE-2021-24872
2021-12-13 11:15:09

EPSS

0.001

Percentile

32.8%

JSON
Related for WPVDB-ID:EC23734A-5EA7-4E46-ABA9-3DEE4E6DFFB6
cnvd1cvelist1osv1cve1patchstack1prion1wpexploit1nvd1