CVE-2021-24872
Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.
Affected products
Unknown · Get Custom Field ValuesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →