CVE-2023-4469

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...

CVE-2023-4469 Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...

CVE-2023-4469

CVE-2023-4469 affects the WordPress plugin Profile Extra Fields by BestWebSoft . The vulnerability is due to a missing capability check in the prflxtrflds_export_file function, allowing unauthenticated attackers to expose potentially sensitive data entered into custom fields, reported for version...

WordPress Profile Extra Fields by BestWebSoft Plugin <= 1.2.7 is vulnerable to Broken Access Control

Software Profile Extra Fields by BestWebSoft Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4469 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 924ab2d92750 Credits Alex Thoma...