2 matches found
CVE-2024-1995
The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relationalpostssearch function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscrber-level access and above,...
CVE-2024-1995
CVE-2024-1995 : The Smart Custom Fields WordPress plugin insecurely exposes post content due to a missing capability check in relational_posts_search() in all versions up to and including 4.2.2. This allows authenticated users with Subscriber+ privileges to retrieve password‑protected or private ...