← back
CVE-2016-20083

WordPress More Fields Plugin 2.1 Cross-Site Request Forgery

CVSS 6.9 MEDIUMEPSS 0.1%CWE-352
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Affected products
henrikmelin · More Fields
public PoCs found1
cve_referencewww.exploit-db.com/exploits/39507unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/support/plugin/more-fieldshttps://www.exploit-db.com/exploits/39507https://www.vulncheck.com/advisories/wordpress-more-fields-plugin-cross-site-request-forgery