Display custom fields in the frontend – Post and User Profile Fields < 1.3.0 – Authenticated (Contributor+) Code Injection | CVE 2023-6996 | Plugin Vulnerabilities

Description

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code.

Affects Plugins

shortcode-to-display-post-and-user-data

Fixed in 1.3.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Francesco Carlucci

Verified

No

WPVDB ID

f4021c0c-e0e2-49a9-a519-4968b12a4325

Timeline

Publicly Published

2024-01-16 (about 2 years ago)

Added

2024-01-18 (about 2 years ago)

Last Updated

2024-01-18 (about 2 years ago)

Other

Published

Title

Published

2022-02-08

Title

PHP Everywhere < 3.0.0 - Contributor+ RCE via Metabox

Published

2024-05-09

Title

Orders Tracking for WooCommerce < 1.2.11 - Unauthenticated Arbitrary Shortcode Execution

Published

2014-08-01

Title

WP-Super-Cache 1.3 - Remote Code Execution

Published

2017-11-11

Title

WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution (RCE)

Published

2024-05-22

Title

Oxygen Builder < 4.8.3 - Authenticated (Contributor+) Remote Code Execution