WordPress Plugin Vulnerabilities

Custom Field Template < 2.6.2 - Authenticated(Contributor+) Information Exposure

Description

The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata.

Affects Plugins

References

Classification

Type
NO AUTHORISATION
CWE

Miscellaneous

Original Researcher
Francesco Carlucci
Verified
No

Timeline

Publicly Published
2024-06-10 (about 2 years ago)
Added
2024-06-10 (about 2 years ago)
Last Updated
2024-07-29 (about 1 year ago)

Other