China National Vulnerability DatabaseCNVD-2021-101995WordPress Get Custom Field Values plugin access control error vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
WordPress is the Wordpress Foundation’s set of blogging platform developed using the PHP language . The platform supports setting up personal blogging sites on PHP and MySQL servers. Get Custom Field Values Plugin is a WordPress open source application plugin. WordPress Get Custom Field Values Plugin in versions prior to 4.0 has an access control error vulnerability that stems from The WordPress plugin allows users with roles as low as Contributor to access the metadata of other posts without validating permissions, and an attacker could exploit the vulnerability to access the metadata of managed posts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wordpress get custom field values plugin | lt | 4.0 |
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N