4 matches found
CVE-2023-4469
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-4469
CVE-2023-4469 affects the WordPress plugin Profile Extra Fields by BestWebSoft . The vulnerability is due to a missing capability check in the prflxtrflds_export_file function, allowing unauthenticated attackers to expose potentially sensitive data entered into custom fields, reported for version...
CVE-2023-4469 Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrfldsexportfile function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
WordPress Profile Extra Fields by BestWebSoft Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software Profile Extra Fields by BestWebSoft Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4469 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 924ab2d92750 Credits Alex Thoma...