WordPress Plugin Vulnerabilities

Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access

Description

The plugin allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access admin posts metadata.

Proof of Concept

[custom_field field="{field_name}" post_id="{ID}"]

e.g [custom_field field="_ctct_verify_key" post_id="23"]

Affects Plugins

Plugin icon
get-custom-field-values
Fixed in 4.0

References

CVE
CVE-2021-24872

Classification

Type
INCORRECT AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-863
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
https://carluc.ci
Submitter twitter
francecarlucci
Verified
Yes
WPVDB ID
ec23734a-5ea7-4e46-aba9-3dee4e6dffb6

Timeline

Publicly Published
2021-11-09 (about 2 years ago)
Added
2021-11-09 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2024-01-29
Title
Avada < 7.11.2 - Contributor+ Arbitrary File Upload
Published
2021-09-29
Title
Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload
Published
2023-11-16
Title
Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints
Published
2023-03-10
Title
GiveWP < 2.25.2 - Contributor+ Arbitrary Content Deletion
Published
2022-11-21
Title
Car Dealer < 3.05 - Subscriber+ Arbitrary Plugin Installation