Description
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating permissions. For example, contributors can access the metadata of admin posts.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.0 (excluding)
cpe:2.3:a:get_custom_field_values_project:get_custom_field_values:*:*:*:*:*:wordpress:*:*
EPSS: 0.00545 (Low)
Percentile: 67%
CVSS3: 6.5 Medium
CVSS2: 4 Medium
Weaknesses
CWE-863
Related vulnerabilities
github
about 4 years ago
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating permissions. For example, contributors can access the metadata of admin posts.