Arbitrary Post Metadata Access vulnerability discovered by Francesco Carlucci in WordPress Get Custom Field Values plugin (versions <= 3.9.4).
Update the WordPress Get Custom Field Values plugin to the latest available version (at least 4.0).