WordPress Plugin Vulnerabilities

Custom Field Suite <= 2.4 - Insufficient Authorisation

Description

Any authenticated user is able to import and export Custom Field Suite config via AJAX.

Affects Plugins

Plugin icon
custom-field-suite
Fixed in 2.4.1

References

URL
https://www.pritect.net/blog/custom-field-suite-2-4-security-vulnerability

Miscellaneous

Submitter
James Golovich
Submitter website
http://www.pritect.net
Submitter twitter
Pritect
Verified
No
WPVDB ID
f8677497-be90-45d1-b241-9dc181c0fa0d

Timeline

Publicly Published
2015-03-12 (about 11 years ago)
Added
2015-03-13 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2026-04-14
Title
Amelia < 2.3 - Unauthenticated Booking Status Manipulation
Published
2025-08-21
Title
Wp Edit Password Protected < 1.3.5 - Protection Bypass via REST API
Published
2019-04-10
Title
Yuzo Related Posts < 5.12.94 - Unauthenticated Call Any Action or Update Any Option
Published
2025-11-10
Title
Hydra Booking < 1.1.28 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation
Published
2023-07-27
Title
Change WP Admin < 1.1.4 - Secret Login Page Disclosure