Описание
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.
Ссылки
- Patch
- Third Party Advisory
- Patch
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.2 (исключая)
cpe:2.3:a:wpgogo:custom_field_template:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 62%
0.00423
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-922
Связанные уязвимости
CVSS3: 4.3
github
больше 1 года назад
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.
EPSS
Процентиль: 62%
0.00423
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-922