WordPress Plugin Vulnerabilities
Schema Pro < 2.7.16 - Contributor+ Custom Field Access
Description
The plugin does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode
Proof of Concept
As a contributor, add/edit a post and embed `[aiosrs_pro_custom_field post_id="ANY_POST_ID" field_key="ANY_META_KEY"]` and specify/guess any post ID and meta key you may want to access Save the post and preview it to disclose the post meta key value
Affects Plugins
References
CVE
YouTube Video
Classification
Type
ACCESS CONTROLS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Scott Kingsley Clark
Submitter
Scott Kingsley Clark
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-04 (about 2 months ago)
Added
2024-03-04 (about 2 months ago)
Last Updated
2024-03-04 (about 2 months ago)