3 matches found
CVE-2023-45604
CVE-2023-45604 affects WordPress users running the Scott Reilly Get Custom Field Values plugin, version
CVE-2021-24871
The CVE-2021-24871 entry concerns the WordPress Get Custom Field Values plugin (pre-4.0.1). The underlying issue is lack of escaping/output sanitization of custom field values, enabling Cross-Site Scripting (XSS) for users with a role as low as contributor. Affected component is the plugin’s outp...
CVE-2021-24872
The CVE-2021-24872 entry concerns the WordPress Get Custom Field Values plugin, prior to version 4.0, where users with a low-privilege role (as low as Contributor) can access other posts’ metadata without permission checks. The root cause is an access-control flaw that allows metadata exposure ac...