Lucene search
Scott Kingsley ClarkWPEX-ID:03191B00-0B05-42DB-9CE2-FC525981B6C9HistoryMar 25, 2024 - 12:00 a.m.
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
2024-03-2500:00:00
Scott Kingsley Clark
22
meta box
arbitrary posts
custom field disclosure
contributor
shortcode
exploit
security issue
Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user’s posts.
1. ADMIN: Install Meta Box
2. ADMIN: Add Meta Box fields through code or the premium add-on (https://gist.github.com/sc0ttkclark/f4f1b94d3a8bc7f00614acf5d80dbd2e)
3. CONTRIBUTOR: Add shortcode to any post and specify/guess any post ID + field key and save
4. CONTRIBUTOR: Preview the post and see that custom field is output without any further checks for access
Example shortcode: `[rwmb_meta object_id="ANY_POST_ID" id="ANY_META_BOX_FIELD_KEY"]`
Example shortcode for my Gist: `[rwmb_meta object_id="1234" id="test_field"]`Related
nvd
nvd
CVE-2024-1204
2024-04-15 05:15:14
wpvulndb
wpvulndb
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
2024-03-25 00:00:00
cvelist
cvelist
cve
cve
CVE-2024-1204
2024-04-15 05:15:14
vulnrichment
vulnrichment
wordfence
wordfence
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.2%
Related for WPEX-ID:03191B00-0B05-42DB-9CE2-FC525981B6C9