EUVD-2024-16613

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

WordPress Comments Extra Fields plugin is vulnerable to Missing Authorization, allowing attacks by subscribers.

Reporter	Title	Published	Views	Family All 11
CNNVD	WordPress Plugin Comments Extra Fields For Post,Pages and CPT Security Vulnerability	13 Mar 202400:00	–	cnnvd
CVE	CVE-2024-0829	13 Mar 202415:27	–	cve
Cvelist	CVE-2024-0829 Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization	13 Mar 202415:27	–	cvelist
NVD	CVE-2024-0829	13 Mar 202416:15	–	nvd
OSV	CVE-2024-0829	13 Mar 202416:15	–	osv
Patchstack	WordPress WordPress Comments Fields Plugin <= 5.0 is vulnerable to Broken Access Control	26 Feb 202400:00	–	patchstack
Prion	Authorization	13 Mar 202416:15	–	prion
RedhatCVE	CVE-2024-0829	23 May 202509:54	–	redhatcve
Vulnrichment	CVE-2024-0829 Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization	13 Mar 202415:27	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (February 26, 2024 to March 3, 2024)	7 Mar 202416:12	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "6b5ee1df-3b21-39f9-af1f-1f856dd7254f",
        "vendor": {
          "name": "nmedia"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "96ac9b98-9c15-3f08-ac85-fb88d93490ce",
        "product": {
          "name": "Comments Extra Fields For Post,Pages and CPT"
        },
        "product_version": "* ≤5.0"
      },
      {
        "id": "9879fbde-aeb6-3923-863d-7d7c6195ab90",
        "product": {
          "name": "Comments Extra Fields For Post,Pages and CPT"
        }
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95
plugins	www.plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php
plugins	www.plugins.trac.wordpress.org/changeset

03 Oct 2025 20:07Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.14.3

EPSS0.00132

SSVC