2 matches found
CVE-2021-24872
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata...
CVE-2021-24872
The CVE-2021-24872 entry concerns the WordPress Get Custom Field Values plugin, prior to version 4.0, where users with a low-privilege role (as low as Contributor) can access other posts’ metadata without permission checks. The root cause is an access-control flaw that allows metadata exposure ac...