CVE-2024-33641

🗓️ 29 Apr 2024 07:36:15Reported by PatchstackType

Team Yoast Custom field finder Deserialization Vulnerability

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress plugin Custom field finder 代码问题漏洞	29 Apr 202400:00	–	cnnvd
Cvelist	CVE-2024-33641 WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability	29 Apr 202407:36	–	cvelist
EUVD	EUVD-2024-31357	3 Oct 202520:07	–	euvd
NVD	CVE-2024-33641	29 Apr 202408:15	–	nvd
Patchstack	WordPress Custom field finder Plugin <= 0.3 is vulnerable to PHP Object Injection	25 Apr 202400:00	–	patchstack
Patchstack	WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability	25 Apr 202417:58	–	patchstack
Positive Technologies	PT-2024-25402 · Yoast · Team Yoast Custom Field Finder	29 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-33641	23 May 202507:57	–	redhatcve
Vulnrichment	CVE-2024-33641 WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability	29 Apr 202407:36	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024)	2 May 202414:49	–	wordfence

Vulners

Node

team_yoast custom_field_finderRange≤0.3wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "custom-field-finder",
    "product": "Custom field finder",
    "vendor": "Team Yoast",
    "versions": [
      {
        "changes": [
          {
            "at": "0.4",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "0.3",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/custom-field-finder/wordpress-custom-field-finder-plugin-0-3-php-object-injection-vulnerability

28 Apr 2026 19:25Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.4

EPSS0.00236

SSVC

CWE-502