14 matches found
CVE-2023-4469
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
EUVD-2023-54324
Malicious code in bioql PyPI...
Profile Extra Fields by BestWebSoft < 1.2.8 - Unauthenticated Sensitive Data Disclosure
Description: The plugin does not have authorisation in the prflxtrflds_export_file function, allowing unauthenticated users to retrieve sensitive data such as the ones entered in custom fields...
CVE-2023-4469
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
Design/Logic Flaw
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-4469 Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-4469 Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially...
CVE-2023-4469
CVE-2023-4469 affects the WordPress plugin Profile Extra Fields by BestWebSoft. The vulnerability is due to a missing capability check in the prflxtrflds_export_file function, allowing unauthenticated attackers to expose potentially sensitive data entered into custom fields, reported for version...
WordPress Profile Extra Fields by BestWebSoft Plugin <= 1.2.7 is vulnerable to Broken Access Control
Software: Profile Extra Fields by BestWebSoft; Type: Plugin; Vulnerable versions: <= 1.2.7; Fixed in: 1.2.8; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-4469; Patch priority: Low; CVSS severity: Low 5.3; PSID: 924ab2d92750; Credits: Alex Thoma...
PT-2023-29278 · Bestwebsoft · Profile Extra Fields
Name of the Vulnerable Software and Affected Versions: The Profile Extra Fields by BestWebSoft plugin for WordPress versions up to, and including, 1.2.7. Description: The issue is related to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function. This...
WordPress Plugin Profile Extra Fields by BestWebSoft Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...
Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting
The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata&role="alert/XSS/...
Profile Extra Fields < 1.2.4 - Reflected Cross-Site Scripting
The plugin does not escape the role parameter when outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=profile-extra-fields.php&tab-action=userdata="...
WordPress Profile Extra Fields by BestWebSoft plugin <= 1.2.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Profile Extra Fields by BestWebSoft plugin (versions <= 1.2.3). Solution: Update the WordPress Profile Extra Fields by BestWebSoft plugin to the latest available version (at least 1.2.4)...